summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-07-14 17:43:50 +0200
committerChristian Grothoff <christian@grothoff.org>2015-07-14 17:43:50 +0200
commit4d4319b84a92d56a1871f7507de34137fb644fb0 (patch)
tree7a25965d12ffb2ad2a59cf9dde3d4ed826736f7c
parent7b6c4a061f714dca55144349fa5125c3d33dfaca (diff)
downloadexchange-4d4319b84a92d56a1871f7507de34137fb644fb0.tar.gz
exchange-4d4319b84a92d56a1871f7507de34137fb644fb0.tar.bz2
exchange-4d4319b84a92d56a1871f7507de34137fb644fb0.zip
-off by 1
-rw-r--r--configure.ac22
-rw-r--r--src/mint/taler-mint-httpd_parsing.c2
2 files changed, 23 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 2ead756dd..f48835dff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -236,6 +236,28 @@ AS_IF([test "x$enableval" = "xno"], [enable_dev=0])
AC_DEFINE_UNQUOTED([HAVE_DEVELOPER],[$enable_dev],[1 if developer logic is enabled, 0 otherwise])
+
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+ AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+ CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+ CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+ CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+ LDFLAGS="$LDFLAGS -pie"
+fi])
+
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+ AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[if test x$enableval = xyes; then
+ LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
+
+
# logging
extra_logging=0
AC_ARG_ENABLE([logging],
diff --git a/src/mint/taler-mint-httpd_parsing.c b/src/mint/taler-mint-httpd_parsing.c
index 78380f861..1844fa881 100644
--- a/src/mint/taler-mint-httpd_parsing.c
+++ b/src/mint/taler-mint-httpd_parsing.c
@@ -956,7 +956,7 @@ TMH_PARSE_json_data (struct MHD_Connection *connection,
}
if (GNUNET_YES != ret)
release_data (spec,
- i);
+ i - 1);
return ret;
}