Merge pull request #2639 from brauner/2018-09-23/compiler_based_harde…

…ning

compiler: compiler based hardening

configure.ac

@@ -685,6 +685,8 @@ LXC_CHECK_TLS
 
 AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-implicit-fallthrough], [CFLAGS="$CFLAGS -Wimplicit-fallthrough"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror])
 
 CFLAGS="$CFLAGS -Wvla -std=gnu11"
 if test "x$enable_werror" = "xyes"; then

src/include/ifaddrs.c

@@ -167,6 +167,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
 	struct ifaddrs_ctx *ctx = pctx;
 
 	if (h->nlmsg_type == RTM_NEWLINK) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 		for (rta = __NLMSG_RTA(h, sizeof(*ifi)); __NLMSG_RTAOK(rta, h);
 		     rta = __RTA_NEXT(rta)) {
 			if (rta->rta_type != IFLA_STATS)
@@ -175,6 +178,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
 			stats_len = __RTA_DATALEN(rta);
 			break;
 		}
+
+#pragma GCC diagnostic pop
 	} else {
 		for (ifs0 = ctx->hash[ifa->ifa_index % IFADDRS_HASH_SIZE]; ifs0;
 		     ifs0 = ifs0->hash_next)
@@ -190,6 +195,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
 		return -1;
 	}
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 	if (h->nlmsg_type == RTM_NEWLINK) {
 		ifs->index = ifi->ifi_index;
 		ifs->ifa.ifa_flags = ifi->ifi_flags;
@@ -289,6 +297,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
 				    &ifs->netmask, ifa->ifa_prefixlen);
 	}
 
+#pragma GCC diagnostic pop
+
 	if (ifs->ifa.ifa_name) {
 		if (!ctx->first)
 			ctx->first = ifs;
@@ -334,6 +344,8 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af,
 		if (r <= 0)
 			return -1;
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
 		for (h = &u.reply; __NLMSG_OK(h, (void *)&u.buf[r]);
 		     h = __NLMSG_NEXT(h)) {
 			if (h->nlmsg_type == NLMSG_DONE)
@@ -348,6 +360,7 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af,
 			if (ret)
 				return ret;
 		}
+#pragma GCC diagnostic pop
 	}
 }
 

src/lxc/log.h

@@ -477,5 +477,5 @@ extern int lxc_log_set_file(int *fd, const char *fname);
 extern const char *lxc_log_get_file(void);
 extern void lxc_log_set_prefix(const char *prefix);
 extern const char *lxc_log_get_prefix(void);
-extern void lxc_log_options_no_override();
+extern void lxc_log_options_no_override(void);
 #endif

src/lxc/lxccontainer.c

@@ -2451,6 +2451,9 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
 			if (tempIfAddr->ifa_addr == NULL)
 				continue;
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 			if (tempIfAddr->ifa_addr->sa_family == AF_INET) {
 				if (family && strcmp(family, "inet"))
 					continue;
@@ -2466,6 +2469,8 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
 				tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr;
 			}
 
+#pragma GCC diagnostic pop
+
 			if (interface && strcmp(interface, tempIfAddr->ifa_name))
 				continue;
 			else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0)

src/lxc/network.c

@@ -962,6 +962,9 @@ int netdev_get_mtu(int ifindex)
 	if (err < 0)
 		goto out;
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 	do {
 		/* Restore the answer buffer length, it might have been
 		 * overwritten by a previous receive.
@@ -1024,6 +1027,8 @@ int netdev_get_mtu(int ifindex)
 		}
 	} while (readmore);
 
+#pragma GCC diagnostic pop
+
 	/* If we end up here, we didn't find any result, so signal an error. */
 	err = -1;
 
@@ -1501,6 +1506,9 @@ int lxc_ipv4_addr_add(int ifindex, struct in_addr *addr, struct in_addr *bcast,
  * the given RTM_NEWADDR message. Allocates memory for the address and stores
  * that pointer in *res (so res should be an in_addr** or in6_addr**).
  */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res)
 {
 	int addrlen;
@@ -1546,6 +1554,8 @@ static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res)
 	return 0;
 }
 
+#pragma GCC diagnostic pop
+
 static int ip_addr_get(int family, int ifindex, void **res)
 {
 	int answer_len, err;
@@ -1588,6 +1598,9 @@ static int ip_addr_get(int family, int ifindex, void **res)
 	if (err < 0)
 		goto out;
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 	do {
 		/* Restore the answer buffer length, it might have been
 		 * overwritten by a previous receive.
@@ -1647,6 +1660,8 @@ static int ip_addr_get(int family, int ifindex, void **res)
 		}
 	} while (readmore);
 
+#pragma GCC diagnostic pop
+
 	/* If we end up here, we didn't find any result, so signal an
 	 * error.
 	 */
@@ -3213,8 +3228,12 @@ int lxc_netns_set_nsid(int fd)
 		return -1;
 
 	memset(buf, 0, sizeof(buf));
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
 	hdr = (struct nlmsghdr *)buf;
 	msg = (struct rtgenmsg *)NLMSG_DATA(hdr);
+#pragma GCC diagnostic pop
 
 	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg));
 	hdr->nlmsg_type = RTM_NEWNSID;
@@ -3252,7 +3271,10 @@ static int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int le
 		if ((type <= max) && (!tb[type]))
 			tb[type] = rta;
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
 		rta = RTA_NEXT(rta, len);
+#pragma GCC diagnostic pop
 	}
 
 	return 0;
@@ -3287,8 +3309,12 @@ int lxc_netns_get_nsid(int fd)
 		return -1;
 
 	memset(buf, 0, sizeof(buf));
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
 	hdr = (struct nlmsghdr *)buf;
 	msg = (struct rtgenmsg *)NLMSG_DATA(hdr);
+#pragma GCC diagnostic pop
 
 	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg));
 	hdr->nlmsg_type = RTM_GETNSID;
@@ -3313,9 +3339,12 @@ int lxc_netns_get_nsid(int fd)
 	if (len < 0)
 		return -1;
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
 	parse_rtattr(tb, __LXC_NETNSA_MAX, NETNS_RTA(msg), len);
 	if (tb[__LXC_NETNSA_NSID])
 		return rta_getattr_s32(tb[__LXC_NETNSA_NSID]);
+#pragma GCC diagnostic pop
 
 	return -1;
 }

src/lxc/rtnl.c

@@ -42,6 +42,9 @@ extern int rtnetlink_close(struct rtnl_handler *handler)
 	return netlink_close(&handler->nlh);
 }
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-align"
+
 extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
 {
 	return netlink_rcv(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr);
@@ -62,6 +65,8 @@ extern int rtnetlink_transaction(struct rtnl_handler *handler,
 				   (struct nlmsg *)&answer->nlmsghdr);
 }
 
+#pragma GCC diagnostic pop
+
 extern struct rtnlmsg *rtnlmsg_alloc(size_t size)
 {
 	/*