Skip to content

Commit

Permalink
Fixing issues reported by binary analysis - Hardening checks (#460)
Browse files Browse the repository at this point in the history 
* Adding compiler and linker options for hardening check

* Update config.m4

* Adding fstack protector to compiler options

* Detect platform in config.m4

* Removing the newly added linker flag, because its breaking the PDO_SQLSRV load. Creating a backlog item

* Update config.m4

* Update config.m4

* Testing with -O3

* Adding optimization flag to windows config files

* Update config.w32
  • Loading branch information
@ulvii
ulvii authored Jun 30, 2017
1 parent 76e02d4 commit 58e8a24
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 12 deletions.
12 changes: 7 additions & 5 deletions source/pdo_sqlsrv/config.m4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,14 @@ if test "$PHP_PDO_SQLSRV" != "no"; then
fi
AC_MSG_RESULT($pdo_sqlsrv_inc_path)


HOST_OS_ARCH=`uname`
if test "${HOST_OS_ARCH}" = "Darwin"; then
MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion`
fi

CXXFLAGS="$CXXFLAGS -std=c++11"
CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=2 -O2"
CXXFLAGS="$CXXFLAGS -fstack-protector"
PHP_REQUIRE_CXX()
PHP_ADD_LIBRARY(stdc++, 1, PDO_SQLSRV_SHARED_LIBADD)
PHP_ADD_LIBRARY(odbc, 1, PDO_SQLSRV_SHARED_LIBADD)
Expand All @@ -66,7 +72,3 @@ if test "$PHP_PDO_SQLSRV" != "no"; then
PHP_ADD_BUILD_DIR([$ext_builddir/shared], 1)
fi

#if (defined __APPLE__ && defined __MACH__) \
MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion` \
#endif

1 change: 1 addition & 0 deletions source/pdo_sqlsrv/config.w32
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ if( PHP_PDO_SQLSRV != "no" ) {
ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/EHsc" );
ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/GS" );
ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/Zi" );
ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/O2" );
ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/D ZEND_WIN32_FORCE_INLINE" );
ADD_EXTENSION_DEP('pdo_sqlsrv', 'pdo');
EXTENSION("pdo_sqlsrv", pdo_sqlsrv_src_class, PHP_PDO_SQLSRV_SHARED, "/DZEND_ENABLE_STATIC_TSRMLS_CACHE=1");
Expand Down
16 changes: 9 additions & 7 deletions source/sqlsrv/config.m4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,16 @@ if test "$PHP_SQLSRV" != "no"; then
else
AC_MSG_ERROR([Cannot find SQLSRV headers])
fi
AC_MSG_RESULT($sqlsrv_inc_path)

AC_MSG_RESULT($sqlsrv_inc_path)

HOST_OS_ARCH=`uname`
if test "${HOST_OS_ARCH}" = "Darwin"; then
MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion`
fi

CXXFLAGS="$CXXFLAGS -std=c++11"
CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=2 -O2"
CXXFLAGS="$CXXFLAGS -fstack-protector"
PHP_REQUIRE_CXX()
PHP_ADD_LIBRARY(stdc++, 1, SQLSRV_SHARED_LIBADD)
PHP_ADD_LIBRARY(odbc, 1, SQLSRV_SHARED_LIBADD)
Expand All @@ -40,8 +47,3 @@ if test "$PHP_SQLSRV" != "no"; then
PHP_NEW_EXTENSION(sqlsrv, $sqlsrv_src_class $shared_src_class, $ext_shared,,-std=c++11)
PHP_ADD_BUILD_DIR([$ext_builddir/shared], 1)
fi

#if (defined __APPLE__ && defined __MACH__) \
MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion` \
#endif

1 change: 1 addition & 0 deletions source/sqlsrv/config.w32
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ if( PHP_SQLSRV != "no" ) {
ADD_FLAG( "CFLAGS_SQLSRV", "/EHsc" );
ADD_FLAG( "CFLAGS_SQLSRV", "/GS" );
ADD_FLAG( "CFLAGS_SQLSRV", "/Zi" );
ADD_FLAG( "CFLAGS_SQLSRV", "/O2" );
EXTENSION("sqlsrv", sqlsrv_src_class , PHP_SQLSRV_SHARED, "/DZEND_ENABLE_STATIC_TSRMLS_CACHE=1");
} else {
WARNING("sqlsrv not enabled; libraries and headers not found");
Expand Down

0 comments on commit 58e8a24

Please sign in to comment.