From 2b2f3e02697cd706ed55ed60cafaf6d6c2019701 Mon Sep 17 00:00:00 2001 From: Marc Date: Sun, 16 Oct 2022 20:50:01 +0100 Subject: build: Enable more compiler security flags --- CMakeLists.txt | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) (limited to 'CMakeLists.txt') diff --git a/CMakeLists.txt b/CMakeLists.txt index 4f1b89e..64199da 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,11 +7,30 @@ execute_process(COMMAND git log -1 --pretty=format:%h OUTPUT_STRIP_TRAILING_WHIT execute_process(COMMAND date OUTPUT_STRIP_TRAILING_WHITESPACE OUTPUT_VARIABLE BUILDTIME) set(LIBWIFI_VERSION "0.0.8") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu17") -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra") -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pedantic -Wno-language-extension-token") +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wformat=2") +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong -D_FORTIFY_SOURCE=2 ") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-prototypes -Wstrict-prototypes") -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong") +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2") + +if(CMAKE_CXX_COMPILER_ID MATCHES "^(Apple)?Clang$") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Walloca -Wformat-security -Wnull-dereference -Wstack-protector") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla -Warray-bounds -Warray-bounds-pointer-arithmetic -Wassign-enum -Wbad-function-cast") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wconditional-uninitialized -Wfloat-equal -Wformat-type-confusion -Widiomatic-parentheses") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wimplicit-fallthrough -Wloop-analysis -Wpointer-arith") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wswitch-enum -Wtautological-constant-in-range-compare -Wunreachable-code-aggressive -Wcomma") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +else() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-clash-protection -fPIE -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code") +endif(CMAKE_CXX_COMPILER_ID MATCHES "^(Apple)?Clang$") + + set(CMAKE_MACOSX_RPATH 1) -- cgit 1.4.1 From 9df744556c0b05e3f6eedc95b356fdb1e53ca90e Mon Sep 17 00:00:00 2001 From: Marc Date: Sun, 16 Oct 2022 20:52:05 +0100 Subject: build: Drop -Warith-conversion --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'CMakeLists.txt') diff --git a/CMakeLists.txt b/CMakeLists.txt index 64199da..54e2441 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,7 +24,7 @@ if(CMAKE_CXX_COMPILER_ID MATCHES "^(Apple)?Clang$") else() set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Wlogical-op") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-clash-protection -fPIE -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code") -- cgit 1.4.1 From 143ab187cb54abe858db829b4f310a1c27928c65 Mon Sep 17 00:00:00 2001 From: Marc Date: Sun, 15 Jan 2023 20:40:26 +1100 Subject: build: Prevent PIE warning on shared lib --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'CMakeLists.txt') diff --git a/CMakeLists.txt b/CMakeLists.txt index 54e2441..750eb52 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,14 +20,13 @@ if(CMAKE_CXX_COMPILER_ID MATCHES "^(Apple)?Clang$") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wconditional-uninitialized -Wfloat-equal -Wformat-type-confusion -Widiomatic-parentheses") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wimplicit-fallthrough -Wloop-analysis -Wpointer-arith") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wswitch-enum -Wtautological-constant-in-range-compare -Wunreachable-code-aggressive -Wcomma") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") else() set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Wlogical-op") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-clash-protection -fPIE -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code") endif(CMAKE_CXX_COMPILER_ID MATCHES "^(Apple)?Clang$") @@ -69,6 +68,7 @@ set_target_properties(wifi PROPERTIES SOVERSION 0) set_target_properties(wifi PROPERTIES PUBLIC_HEADER src/libwifi.h) add_library(wifi_static STATIC ${libwifi_src}) +set_target_properties(wifi_static PROPERTIES COMPILE_FLAGS "${CMAKE_C_FLAGS} -fPIE") set_target_properties(wifi_static PROPERTIES LINKER_LANGUAGE C) set_target_properties(wifi_static PROPERTIES VERSION ${LIBWIFI_VERSION}) set_target_properties(wifi_static PROPERTIES PUBLIC_HEADER src/libwifi.h) -- cgit 1.4.1