{"id":18799752,"url":"https://github.com/jvoisin/fortify-headers","last_synced_at":"2025-04-13T17:30:58.261Z","repository":{"id":151435764,"uuid":"614549144","full_name":"jvoisin/fortify-headers","owner":"jvoisin","description":"Standalone portable header-based implementation of FORTIFY_SOURCE=3","archived":false,"fork":false,"pushed_at":"2025-01-28T12:18:59.000Z","size":242,"stargazers_count":24,"open_issues_count":15,"forks_count":3,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-06T22:43:30.868Z","etag":null,"topics":["c","fortify-source","libc","security"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"0bsd","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jvoisin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-15T20:16:47.000Z","updated_at":"2025-04-05T11:45:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"219b4b8e-ac63-4067-a6be-15a16a31bc8f","html_url":"https://github.com/jvoisin/fortify-headers","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvoisin%2Ffortify-headers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvoisin%2Ffortify-headers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvoisin%2Ffortify-headers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvoisin%2Ffortify-headers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owner
s/jvoisin","download_url":"https://codeload.github.com/jvoisin/fortify-headers/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248752337,"owners_count":21156075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","fortify-source","libc","security"],"created_at":"2024-11-07T22:16:20.731Z","updated_at":"2025-04-13T17:30:57.994Z","avatar_url":"https://github.com/jvoisin.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# What is it?\n\nThis is a [standalone implementation](https://git.2f30.org/fortify-headers/) of\n[fortify source]( http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html )\nlevel 3, providing compile time security checks.\nIt is libc-agnostic and simply overlays the system headers by using the\n[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)\nextension found in GCC, and\n[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)\non Clang. It was initially intended to be used on\n[musl](http://www.musl-libc.org/) based\n[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).\n\n# Features\n\n- It is portable, works on *BSD, Linux, Solaris and possibly others.\n- It will only trap non-conformant programs. This means that fortify\n  level 2 is treated in the same way as level 1.\n- Avoids making function calls when undefined behaviour has already been\n  invoked. 
This is handled by using `__builtin_trap()`.\n- Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc.\n- No ABI is enforced. All of the fortify check functions are inlined\n  into the resulting binary.\n- It has a [comprehensive suite of\n  tests](https://github.com/jvoisin/fortify-headers/tree/master/tests), running\n  both on Clang and on GCC for every commit, on C89, C99, C11 and C17, with\n  [significant coverage](https://jvoisin.github.io/fortify-headers/).\n- Defining `FORTIFY_USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk`\n  functions, which might be a bit better in terms of diagnostics,\n  but won't necessarily provide the same amount of security checks.\n- Defining `FORTIFY_PEDANTIC_CHECKS` will enable pedantic checks that, while technically\n  correct, might break some programs relying on widely accepted\n  undefined behaviours.\n\n# Sample usage\n\nIf you want to quickly test it, you can try something like the following:\n\n```\ncat \u003e fgets.c \u003c\u003cEOF\n#include \u003cstdio.h\u003e\nint\nmain(void)\n{\n\tchar buf[BUFSIZ];\n\tfgets(buf, sizeof(buf) + 1, stdin);\n\treturn 0;\n}\nEOF\ncc -I\u003cpath-to-fortify-include-dir\u003e -D_FORTIFY_SOURCE=3 -O1 fgets.c\n./a.out\n```\n\nAt this point, the program will safely and loudly crash.\n\n\n# Supported interfaces\n\n- `FD_CLR`\n- `FD_SET`\n- `asprintf`\n- `bcopy`\n- `bzero`\n- `calloc`\n- `confstr`\n- `fdopen`\n- `fgets`\n- `fgetws`\n- `fmemopen`\n- `fopen`\n- `fprintf`\n- `fread`\n- `fwrite`\n- `getcwd`\n- `getdomainname`\n- `getgroups`\n- `gethostname`\n- `getlogin_r`\n- `malloc`\n- `mbsnrtowcs`\n- `mbsrtowcs`\n- `mbstowcs`\n- `memchr`\n- `memcpy`\n- `memmove`\n- `mempcpy`\n- `memset`\n- `poll`\n- `popen`\n- `ppoll`\n- `pread`\n- `printf`\n- `pwrite`\n- `qsort`\n- `read`\n- `readlink`\n- `readlinkat`\n- `realloc`\n- `reallocarray`\n- `realpath`\n- `recv`\n- `recvfrom`\n- `select`\n- `send`\n- `sendto`\n- `snprintf`\n- `sprintf`\n- `stpcpy`\n- `stpncpy`\n- `strcat`\n- `strchr`\n- `strcpy`\n- `strlcat`\n- `strlcpy`\n- `strlen`\n- `strncat`\n- `strncpy`\n- `strrchr`\n- `tmpfile`\n- `ttyname_r`\n- `umask`\n- `vfprintf`\n- `vprintf`\n- `vasprintf`\n- `vsnprintf`\n- `vsprintf`\n- `wcrtomb`\n- `wcscat`\n- `wcscpy`\n- `wcsncat`\n- `wcsncpy`\n- `wcsnrtombs`\n- `wcsrtombs`\n- `wcstombs`\n- `wctomb`\n- `wmemcpy`\n- `wmemmove`\n- `wmemset`\n- `write`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjvoisin%2Ffortify-headers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjvoisin%2Ffortify-headers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjvoisin%2Ffortify-headers/lists"}