Mercurial > hg > orthanc

changeset 5357:fddb5d8d0021

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Prevent the leak of the full path of the source files in the binaries
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 06 Jul 2023 17:04:31 +0200
parents 65b4e6ae2703
children 0069769cab66
files NEWS OrthancFramework/Resources/CMake/Compiler.cmake OrthancFramework/Resources/CMake/LibCurlConfiguration.cmake OrthancFramework/Resources/Patches/civetweb-1.14.patch OrthancFramework/Resources/ProtocolBuffers/CMakeLists.txt OrthancFramework/Resources/ProtocolBuffers/ProtobufLibrary.cmake OrthancFramework/SharedLibrary/CMakeLists.txt OrthancFramework/Sources/Logging.h OrthancFramework/Sources/SQLite/Connection.h OrthancServer/CMakeLists.txt OrthancServer/Plugins/Samples/AutomatedJpeg2kCompression/CMakeLists.txt OrthancServer/Plugins/Samples/Basic/CMakeLists.txt OrthancServer/Plugins/Samples/ConnectivityChecks/CMakeLists.txt OrthancServer/Plugins/Samples/CustomImageDecoder/CMakeLists.txt OrthancServer/Plugins/Samples/DelayedDeletion/CMakeLists.txt OrthancServer/Plugins/Samples/MultitenantDicom/CMakeLists.txt OrthancServer/Plugins/Samples/Sanitizer/CMakeLists.txt OrthancServer/Plugins/Samples/WebSkeleton/CMakeLists.txt OrthancServer/Resources/PreventProtobufDirectoryLeaks.py OrthancServer/Sources/OrthancInitialization.cpp
diffstat 20 files changed, 175 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/NEWS	Tue Jul 04 18:39:52 2023 +0200
+++ b/NEWS	Thu Jul 06 17:04:31 2023 +0200
@@ -1,6 +1,11 @@
 Pending changes in the mainline
 ===============================
 
+Maintenance
+-----------
+
+* Prevent the leak of the full path of the source files in the binaries
+
 
 Version 1.12.1 (2023-07-04)
 ===========================
--- a/OrthancFramework/Resources/CMake/Compiler.cmake	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Resources/CMake/Compiler.cmake	Thu Jul 06 17:04:31 2023 +0200
@@ -263,3 +263,19 @@
   # preceding batches. https://cmake.org/Bug/view.php?id=14874
   set(CMAKE_CXX_ARCHIVE_APPEND "<CMAKE_AR> <LINK_FLAGS> q <TARGET> <OBJECTS>")
 endif()
+
+
+# This function defines macro "__ORTHANC_FILE__" as a replacement to
+# macro "__FILE__", as the latter leaks the full path of the source
+# files in the binaries
+# https://stackoverflow.com/questions/8487986/file-macro-shows-full-path
+# https://twitter.com/wget42/status/1676877802375634944?s=20
+function(DefineSourceBasenameForTarget targetname)
+  get_target_property(source_files "${targetname}" SOURCES)
+  foreach(sourcefile ${source_files})
+    get_filename_component(basename "${sourcefile}" NAME)
+    set_property(
+      SOURCE "${sourcefile}" APPEND
+      PROPERTY COMPILE_DEFINITIONS "__ORTHANC_FILE__=\"${basename}\"")
+  endforeach()
+endfunction()
--- a/OrthancFramework/Resources/CMake/LibCurlConfiguration.cmake	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Resources/CMake/LibCurlConfiguration.cmake	Thu Jul 06 17:04:31 2023 +0200
@@ -109,7 +109,7 @@
     endif()
 
     set_property(
-      SOURCE ${CURL_SOURCES}
+      SOURCE ${CURL_SOURCES} APPEND
       PROPERTY COMPILE_DEFINITIONS "HAVE_CONFIG_H=1;OS=\"${TMP_OS}\""
       )
    
--- a/OrthancFramework/Resources/Patches/civetweb-1.14.patch	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Resources/Patches/civetweb-1.14.patch	Thu Jul 06 17:04:31 2023 +0200
@@ -1,6 +1,38 @@
 diff -urEb civetweb-1.14.orig/src/civetweb.c civetweb-1.14/src/civetweb.c
---- civetweb-1.14.orig/src/civetweb.c	2021-06-21 17:42:52.343136123 +0200
-+++ civetweb-1.14/src/civetweb.c	2021-06-21 17:43:11.623158128 +0200
+--- civetweb-1.14.orig/src/civetweb.c	2023-07-06 15:48:01.163703913 +0200
++++ civetweb-1.14/src/civetweb.c	2023-07-06 15:48:51.207843938 +0200
+@@ -567,7 +567,7 @@
+ #if (_MSC_VER < 1300)
+ #define STRX(x) #x
+ #define STR(x) STRX(x)
+-#define __func__ __FILE__ ":" STR(__LINE__)
++#define __func__ __ORTHANC_FILE__ ":" STR(__LINE__)
+ #define strtoull(x, y, z) ((unsigned __int64)_atoi64(x))
+ #define strtoll(x, y, z) (_atoi64(x))
+ #else
+@@ -1450,14 +1450,14 @@
+ }
+ 
+ 
+-#define mg_malloc(a) mg_malloc_ex(a, NULL, __FILE__, __LINE__)
+-#define mg_calloc(a, b) mg_calloc_ex(a, b, NULL, __FILE__, __LINE__)
+-#define mg_realloc(a, b) mg_realloc_ex(a, b, NULL, __FILE__, __LINE__)
+-#define mg_free(a) mg_free_ex(a, __FILE__, __LINE__)
+-
+-#define mg_malloc_ctx(a, c) mg_malloc_ex(a, c, __FILE__, __LINE__)
+-#define mg_calloc_ctx(a, b, c) mg_calloc_ex(a, b, c, __FILE__, __LINE__)
+-#define mg_realloc_ctx(a, b, c) mg_realloc_ex(a, b, c, __FILE__, __LINE__)
++#define mg_malloc(a) mg_malloc_ex(a, NULL, __ORTHANC_FILE__, __LINE__)
++#define mg_calloc(a, b) mg_calloc_ex(a, b, NULL, __ORTHANC_FILE__, __LINE__)
++#define mg_realloc(a, b) mg_realloc_ex(a, b, NULL, __ORTHANC_FILE__, __LINE__)
++#define mg_free(a) mg_free_ex(a, __ORTHANC_FILE__, __LINE__)
++
++#define mg_malloc_ctx(a, c) mg_malloc_ex(a, c, __ORTHANC_FILE__, __LINE__)
++#define mg_calloc_ctx(a, b, c) mg_calloc_ex(a, b, c, __ORTHANC_FILE__, __LINE__)
++#define mg_realloc_ctx(a, b, c) mg_realloc_ex(a, b, c, __ORTHANC_FILE__, __LINE__)
+ 
+ 
+ #else /* USE_SERVER_STATS */
 @@ -1774,6 +1774,7 @@
  #if !defined(OPENSSL_API_3_0)
  #define OPENSSL_API_3_0
--- a/OrthancFramework/Resources/ProtocolBuffers/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Resources/ProtocolBuffers/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -133,7 +133,7 @@
 
 if (NOT CMAKE_SYSTEM_NAME STREQUAL "Windows")
   set_property(
-    SOURCE ${PROTOBUF_COMPILER_SOURCES}
+    SOURCE ${PROTOBUF_COMPILER_SOURCES} APPEND
     PROPERTY COMPILE_DEFINITIONS "HAVE_PTHREAD=1"
     )
 endif()
--- a/OrthancFramework/Resources/ProtocolBuffers/ProtobufLibrary.cmake	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Resources/ProtocolBuffers/ProtobufLibrary.cmake	Thu Jul 06 17:04:31 2023 +0200
@@ -138,7 +138,7 @@
 
 if (NOT CMAKE_SYSTEM_NAME STREQUAL "Windows")
   set_property(
-    SOURCE ${PROTOBUF_LIBRARY_SOURCES}
+    SOURCE ${PROTOBUF_LIBRARY_SOURCES} APPEND
     PROPERTY COMPILE_DEFINITIONS "HAVE_PTHREAD=1"
     )
 endif()
--- a/OrthancFramework/SharedLibrary/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/SharedLibrary/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -305,6 +305,8 @@
     # plugins (the latter being shared libraries)
     set_property(TARGET OrthancFramework PROPERTY POSITION_INDEPENDENT_CODE ON)
   endif()
+
+  DefineSourceBasenameForTarget(OrthancFramework)
 endif()
 
 
--- a/OrthancFramework/Sources/Logging.h	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Sources/Logging.h	Thu Jul 06 17:04:31 2023 +0200
@@ -157,15 +157,25 @@
 #  define VLOG(unused)          ::Orthanc::Logging::NullStream()
 #  define CLOG(level, category) ::Orthanc::Logging::NullStream()
 #else /* ORTHANC_ENABLE_LOGGING == 1 */
-#  define LOG(level)     ::Orthanc::Logging::InternalLogger     \
-  (::Orthanc::Logging::LogLevel_ ## level,                      \
-   ::Orthanc::Logging::LogCategory_GENERIC, __FILE__, __LINE__)
-#  define VLOG(unused)   ::Orthanc::Logging::InternalLogger     \
-  (::Orthanc::Logging::LogLevel_TRACE,                          \
-   ::Orthanc::Logging::LogCategory_GENERIC, __FILE__, __LINE__)
+
+#if !defined(__ORTHANC_FILE__)
+#  if defined(_MSC_VER)
+#    pragma message("Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries")
+#  else
+#    warning Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries
+#  endif
+#  define __ORTHANC_FILE__ __FILE__
+#endif
+
+#  define LOG(level)     ::Orthanc::Logging::InternalLogger             \
+  (::Orthanc::Logging::LogLevel_ ## level,                              \
+   ::Orthanc::Logging::LogCategory_GENERIC, __ORTHANC_FILE__, __LINE__)
+#  define VLOG(unused)   ::Orthanc::Logging::InternalLogger             \
+  (::Orthanc::Logging::LogLevel_TRACE,                                  \
+   ::Orthanc::Logging::LogCategory_GENERIC, __ORTHANC_FILE__, __LINE__)
 #  define CLOG(level, category) ::Orthanc::Logging::InternalLogger      \
   (::Orthanc::Logging::LogLevel_ ## level,                              \
-   ::Orthanc::Logging::LogCategory_ ## category, __FILE__, __LINE__)
+   ::Orthanc::Logging::LogCategory_ ## category, __ORTHANC_FILE__, __LINE__)
 #endif
 
 
--- a/OrthancFramework/Sources/SQLite/Connection.h	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancFramework/Sources/SQLite/Connection.h	Thu Jul 06 17:04:31 2023 +0200
@@ -46,7 +46,16 @@
 #include <string>
 #include <map>
 
-#define SQLITE_FROM_HERE ::Orthanc::SQLite::StatementId(__FILE__, __LINE__)
+#if !defined(__ORTHANC_FILE__)
+#  if defined(_MSC_VER)
+#    pragma message("Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries")
+#  else
+#    warning Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries
+#  endif
+#  define __ORTHANC_FILE__ __FILE__
+#endif
+
+#define SQLITE_FROM_HERE ::Orthanc::SQLite::StatementId(__ORTHANC_FILE__, __LINE__)
 
 namespace Orthanc
 {
--- a/OrthancServer/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -379,6 +379,8 @@
   ${AUTOGENERATED_SOURCES}
   )
 
+DefineSourceBasenameForTarget(CoreLibrary)
+
 add_dependencies(CoreLibrary AutogeneratedTarget)
 
 if (LIBICU_LIBRARIES)
@@ -394,8 +396,11 @@
   add_custom_command(
     COMMAND
     ${PROTOC_EXECUTABLE} ${CMAKE_SOURCE_DIR}/Plugins/Include/orthanc/OrthancDatabasePlugin.proto --cpp_out=${AUTOGENERATED_DIR} -I${CMAKE_SOURCE_DIR}/Plugins/Include/orthanc
+    COMMAND
+    ${PYTHON_EXECUTABLE} ${CMAKE_SOURCE_DIR}/Resources/PreventProtobufDirectoryLeaks.py ${AUTOGENERATED_DIR}/OrthancDatabasePlugin.pb.cc
     DEPENDS
     ProtobufCompiler
+    ${CMAKE_SOURCE_DIR}/Resources/PreventProtobufDirectoryLeaks.py
     ${CMAKE_SOURCE_DIR}/Plugins/Include/orthanc/OrthancDatabasePlugin.proto
     OUTPUT
     ${AUTOGENERATED_DIR}/OrthancDatabasePlugin.pb.cc
@@ -420,6 +425,8 @@
   ${ORTHANC_SERVER_SOURCES}
   )
 
+DefineSourceBasenameForTarget(ServerLibrary)
+
 # Ensure autogenerated code is built before building ServerLibrary
 add_dependencies(ServerLibrary CoreLibrary OrthancDatabaseProtobuf)
 
@@ -428,6 +435,8 @@
   ${ORTHANC_RESOURCES}
   )
 
+DefineSourceBasenameForTarget(Orthanc)
+
 target_link_libraries(Orthanc ServerLibrary CoreLibrary ${DCMTK_LIBRARIES})
 
 if ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase")
@@ -458,6 +467,8 @@
   ${BOOST_EXTENDED_SOURCES}
   )
 
+DefineSourceBasenameForTarget(UnitTests)
+
 target_link_libraries(UnitTests
   ServerLibrary
   CoreLibrary
@@ -506,6 +517,8 @@
     ${PLUGINS_DEPENDENCIES_SOURCES}
     )
 
+  DefineSourceBasenameForTarget(PluginsDependencies)
+
   # Add the "-fPIC" option as this static library must be embedded
   # inside shared libraries (important on UNIX)
   set_target_properties(
@@ -546,6 +559,8 @@
     ${SERVE_FOLDERS_RESOURCES}
     )
 
+  DefineSourceBasenameForTarget(ServeFolders)
+
   target_link_libraries(ServeFolders PluginsDependencies)
 
   set_target_properties(
@@ -594,6 +609,8 @@
     ${MODALITY_WORKLISTS_RESOURCES}
     )
 
+  DefineSourceBasenameForTarget(ModalityWorklists)
+
   target_link_libraries(ModalityWorklists PluginsDependencies)
 
   set_target_properties(
@@ -655,7 +672,9 @@
     ${CMAKE_SOURCE_DIR}/Plugins/Samples/ConnectivityChecks/OrthancFrameworkDependencies.cpp
     ${CONNECTIVITY_CHECKS_RESOURCES}
     )
-  
+
+  DefineSourceBasenameForTarget(ConnectivityChecks)
+
   target_link_libraries(ConnectivityChecks PluginsDependencies)
   
   set_target_properties(
@@ -708,6 +727,8 @@
     ${DELAYED_DELETION_RESOURCES}
     )
   
+  DefineSourceBasenameForTarget(DelayedDeletion)
+
   target_link_libraries(DelayedDeletion PluginsDependencies)
   
   set_target_properties(
@@ -755,6 +776,8 @@
     ${HOUSEKEEPER_RESOURCES}
     )
   
+  DefineSourceBasenameForTarget(Housekeeper)
+
   target_link_libraries(Housekeeper PluginsDependencies)
   
   set_target_properties(
@@ -820,6 +843,8 @@
     ${MULTITENANT_DICOM_RESOURCES}
     )
   
+  DefineSourceBasenameForTarget(MultitenantDicom)
+
   target_link_libraries(MultitenantDicom PluginsDependencies ${DCMTK_LIBRARIES})
   
   set_target_properties(
@@ -865,6 +890,7 @@
   endif()
 
   add_executable(OrthancRecoverCompressedFile ${RECOVER_COMPRESSED_SOURCES})
+  DefineSourceBasenameForTarget(OrthancRecoverCompressedFile)
 
   target_link_libraries(OrthancRecoverCompressedFile CoreLibrary)
 
--- a/OrthancServer/Plugins/Samples/AutomatedJpeg2kCompression/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/AutomatedJpeg2kCompression/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -25,3 +25,5 @@
 include(${CMAKE_SOURCE_DIR}/../Common/OrthancPlugins.cmake)
 
 add_library(AutomatedJpeg2kCompression SHARED Plugin.cpp)
+
+DefineSourceBasenameForTarget(AutomatedJpeg2kCompression)
--- a/OrthancServer/Plugins/Samples/Basic/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/Basic/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -25,3 +25,5 @@
 include(${CMAKE_SOURCE_DIR}/../Common/OrthancPlugins.cmake)
 
 add_library(PluginTest SHARED Plugin.c)
+
+DefineSourceBasenameForTarget(PluginTest)
--- a/OrthancServer/Plugins/Samples/ConnectivityChecks/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/ConnectivityChecks/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -77,6 +77,8 @@
   Plugin.cpp
   )
 
+DefineSourceBasenameForTarget(ConnectivityChecks)
+
 set_target_properties(
   ConnectivityChecks PROPERTIES 
   VERSION ${PLUGIN_VERSION} 
--- a/OrthancServer/Plugins/Samples/CustomImageDecoder/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/CustomImageDecoder/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -25,3 +25,5 @@
 include(${CMAKE_SOURCE_DIR}/../Common/OrthancPlugins.cmake)
 
 add_library(PluginTest SHARED Plugin.cpp)
+
+DefineSourceBasenameForTarget(PluginTest)
--- a/OrthancServer/Plugins/Samples/DelayedDeletion/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/DelayedDeletion/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -78,6 +78,8 @@
   Plugin.cpp
   )
 
+DefineSourceBasenameForTarget(DelayedDeletion)
+
 set_target_properties(
   DelayedDeletion PROPERTIES 
   VERSION ${PLUGIN_VERSION} 
--- a/OrthancServer/Plugins/Samples/MultitenantDicom/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/MultitenantDicom/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -55,6 +55,8 @@
   ${AUTOGENERATED_SOURCES}
   )
 
+DefineSourceBasenameForTarget(MultitenantDicom)
+
 target_link_libraries(MultitenantDicom ${DCMTK_LIBRARIES})
 
 message("Setting the version of the plugin to ${ORTHANC_PLUGIN_VERSION}")
--- a/OrthancServer/Plugins/Samples/Sanitizer/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/Sanitizer/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -51,6 +51,8 @@
     ${ORTHANC_DICOM_SOURCES}
     )
 
+DefineSourceBasenameForTarget(Sanitizer)
+
 target_link_libraries(Sanitizer ${DCMTK_LIBRARIES})
 
 
--- a/OrthancServer/Plugins/Samples/WebSkeleton/CMakeLists.txt	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Plugins/Samples/WebSkeleton/CMakeLists.txt	Thu Jul 06 17:04:31 2023 +0200
@@ -32,3 +32,5 @@
 add_library(WebSkeleton SHARED 
   ${AUTOGENERATED_SOURCES}
   )
+
+DefineSourceBasenameForTarget(WebSkeleton)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/OrthancServer/Resources/PreventProtobufDirectoryLeaks.py	Thu Jul 06 17:04:31 2023 +0200
@@ -0,0 +1,39 @@
+#!/usr/bin/python
+
+# Orthanc - A Lightweight, RESTful DICOM Store
+# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
+# Department, University Hospital of Liege, Belgium
+# Copyright (C) 2017-2023 Osimis S.A., Belgium
+# Copyright (C) 2021-2023 Sebastien Jodogne, ICTEAM UCLouvain, Belgium
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+import sys
+
+if len(sys.argv) != 2:
+    raise Exception('Bad number of arguments in %s' % sys.argv[0])
+
+with open(sys.argv[1], 'r') as f:
+    s = f.read()
+
+s = s.replace('__FILE__', '__ORTHANC_FILE__')
+
+s = """
+#undef __FILE__
+#define __FILE__ __ORTHANC_FILE__
+""" + s
+
+with open(sys.argv[1], 'w') as f:
+    f.write(s)
--- a/OrthancServer/Sources/OrthancInitialization.cpp	Tue Jul 04 18:39:52 2023 +0200
+++ b/OrthancServer/Sources/OrthancInitialization.cpp	Thu Jul 06 17:04:31 2023 +0200
@@ -52,6 +52,12 @@
 #include <dcmtk/dcmnet/diutil.h>  // For DCM_dcmnetLogger
 
 #if ORTHANC_ENABLE_PLUGINS == 1
+#  if defined(__ORTHANC_FILE__)
+//   Prevents the system-wide Google Protobuf library from leaking the
+//   full path of this source file
+#    undef __FILE__
+#    define __FILE__ __ORTHANC_FILE__
+#  endif
 #  include <google/protobuf/any.h>
 #endif