import/stf 1 5 3

.github/workflows/linter.yml

@@ -5,11 +5,11 @@ on: push
 jobs:
   clang-lint:
     name: Lint code base
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Run clang-format-lint
         uses: DoozyX/clang-format-lint-action@v0.11
         with:
@@ -18,13 +18,22 @@ jobs:
           clangFormatVersion: 10
           inplace: True
       - name: Check build
-        run: docker run -i --volume $GITHUB_WORKSPACE:/src/sg-bridge:z --workdir /src/sg-bridge fedora:32 /bin/sh -c 'sh ./build/build_checks.sh'
+        run: docker run -i --volume $GITHUB_WORKSPACE:/src/sg-bridge:z --workdir /src/sg-bridge fedora:latest /bin/sh -c 'sh ./build/build_checks.sh'
       - name: Commit in-place changes based on linting recommendations
-        uses: EndBug/add-and-commit@v4
+        uses: EndBug/add-and-commit@v9
         with:
           author_name: InfraWatch CI
           author_email: robot@infra.watch
           message: 'Committing clang-format changes'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  docker-build-check:
+    name: Check Dockerfile results in successful build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Check build of Dockerfile is successful
+        run: docker build -t sg-bridge:check-build -f build/Dockerfile .

Makefile

@@ -1,7 +1,7 @@
 
 MAJOR?=0
 MINOR?=1
- 
+
 VERSION=$(MAJOR).$(MINOR)
 
 BIN := bridge
@@ -22,17 +22,17 @@ $(shell mkdir -p $(dir $(OBJS)) >/dev/null)
 $(shell mkdir -p $(dir $(DEPS)) >/dev/null)
 
 CC=gcc
-CFLAGS+=-Wall -O3 -std=gnu99
+CFLAGS+=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
 LDLIBS=-lqpid-proton -lpthread
-LDFLAGS+=
+LDFLAGS+=-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1
 
 DEPFLAGS = -MT $@ -MD -MP -MF $(DEPDIR)/$*.Td
 
 # compile C source files
 COMPILE.c = $(CC) $(DEPFLAGS) $(CFLAGS) $(CPPFLAGS) -c -o $@
 
 # link object files to binary
-LINK.o = $(LD) $(LDFLAGS) $(LDLIBS) -o $@
+LINK.o = $(LD) $(LDFLAGS) $(CFLAGS) $(LDLIBS) -o $@
 
 # precompile step
 PRECOMPILE =
@@ -62,7 +62,7 @@ image: version-check
 	@echo 'Done.'
 
 $(BIN): $(OBJS)
-	$(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS)
+	$(CC) -o $@ $^ $(LDFLAGS) $(CFLAGS) $(LDLIBS)
 
 $(OBJDIR)/%.o: %.c
 $(OBJDIR)/%.o: %.c $(DEPDIR)/%.d

amqp_rcv_th.c

@@ -55,6 +55,7 @@ static void handle_receive(app_data_t *app, pn_event_t *event,
     if (pn_delivery_readable(d)) {
         pn_link_t *l = pn_delivery_link(d);
         size_t size = pn_delivery_pending(d);
+        bool too_long = false;
 
         pn_rwbytes_t *m =
             rb_get_head(app->rbin); /* Append data to incoming message buffer */
@@ -63,7 +64,19 @@ static void handle_receive(app_data_t *app, pn_event_t *event,
         // First time through m->size = 0 for a partial message...
         size_t oldsize = m->size;
         m->size += size;
-        recv = pn_link_recv(l, m->start + oldsize, size);
+        if (m->size >= app->ring_buffer_size) {
+            fprintf(stderr,
+                    "Message too long: %ldB >= %dB.\n"
+                    "You may want to increase the ring buffer size.\n",
+                    m->size, app->ring_buffer_size);
+            // I can't figure out how to stop processing the delivery
+            // without reading everything, so just read from the start
+            // of the buffer and discard it later.
+            recv = pn_link_recv(l, m->start, size);
+            too_long = true;
+        } else {
+            recv = pn_link_recv(l, m->start + oldsize, size);
+        }
         if (recv == PN_ABORTED) {
             printf("Message aborted\n");
             fflush(stdout);
@@ -77,9 +90,13 @@ static void handle_receive(app_data_t *app, pn_event_t *event,
             pn_link_close(l); /* Unexpected error, close the link */
         } else if (!pn_delivery_partial(d)) { /* Message is complete */
             // Place in the ring buffer HERE
-            rb_put(app->rbin);
+            if (too_long) {
+                m->size = 0; /* Forget the data we accumulated */
+            } else {
+                rb_put(app->rbin);
+                app->amqp_received++;
+            }
 
-            app->amqp_received++;
             pn_delivery_update(d, PN_ACCEPTED);
             pn_delivery_settle(d); /* settle and free d */
 

build/Dockerfile

@@ -4,8 +4,11 @@ FROM registry.access.redhat.com/ubi8 AS builder
 # dependencies for qpid-proton-c
 COPY build/repos/opstools.repo /etc/yum.repos.d/opstools.repo
 
+# redhat-rpm-config is required to provide hardening compiling instructions
+# (such as /usr/lib/rpm/redhat/redhat-hardened-cc1) even though we're not
+# building RPMs here
 RUN dnf install qpid-proton-c-devel --setopt=tsflags=nodocs -y && \
-        dnf install gcc make -y && \
+        dnf install gcc make redhat-rpm-config -y && \
         dnf clean all
 
 ENV D=/home/bridge

build/build_checks.sh

@@ -1,9 +1,6 @@
 #!/usr/bin/env bash
-
 set -ex
 
-dnf install make gcc qpid-proton-c-devel annobin-annocheck rpm-build -y
-
-make 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld'
-
-annocheck bridge
+dnf install make gcc qpid-proton-c-devel annobin-annocheck gcc-plugin-annobin rpm-build -y
+make
+annocheck --verbose --verbose bridge