hardening: add insurance to exit on a failed ASSERT()
The code behind our ASSERT() macro is pretty complex. Although it seems
to be correct, make it trivially clear we will never return from a failed
assert by adding an _exit(1) call. As was suggested by Sebastian Krahmer
of the SuSE security team.
To make sure they that tools like clang static analyzer and coverity
understand that assert_failed() will not return, add an
__attribute__((__noreturn__)) annotation.
v2: use __attribute__ instead of inline to convince static analysers.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1445414886-11052-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10349
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2015/10/21 17:08:06Showing 2 changed files
| ... | ... |
@@ -210,7 +210,7 @@ FILE *msg_fp(const unsigned int flags); |
| 210 | 210 |
/* Fatal logic errors */ |
| 211 | 211 |
#define ASSERT(x) do { if (!(x)) assert_failed(__FILE__, __LINE__); } while (false)
|
| 212 | 212 |
|
| 213 |
-void assert_failed (const char *filename, int line); |
|
| 213 |
+void assert_failed (const char *filename, int line) __attribute__((__noreturn__)); |
|
| 214 | 214 |
|
| 215 | 215 |
#ifdef ENABLE_DEBUG |
| 216 | 216 |
void crash (void); /* force a segfault (debugging only) */ |