Mercurial > hg > orthanc
changeset 5357:fddb5d8d0021
Prevent the leak of the full path of the source files in the binaries
line wrap: on
line diff
--- a/NEWS Tue Jul 04 18:39:52 2023 +0200 +++ b/NEWS Thu Jul 06 17:04:31 2023 +0200 @@ -1,6 +1,11 @@ Pending changes in the mainline =============================== +Maintenance +----------- + +* Prevent the leak of the full path of the source files in the binaries + Version 1.12.1 (2023-07-04) ===========================
--- a/OrthancFramework/Resources/CMake/Compiler.cmake Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Resources/CMake/Compiler.cmake Thu Jul 06 17:04:31 2023 +0200 @@ -263,3 +263,19 @@ # preceding batches. https://cmake.org/Bug/view.php?id=14874 set(CMAKE_CXX_ARCHIVE_APPEND "<CMAKE_AR> <LINK_FLAGS> q <TARGET> <OBJECTS>") endif() + + +# This function defines macro "__ORTHANC_FILE__" as a replacement to +# macro "__FILE__", as the latter leaks the full path of the source +# files in the binaries +# https://stackoverflow.com/questions/8487986/file-macro-shows-full-path +# https://twitter.com/wget42/status/1676877802375634944?s=20 +function(DefineSourceBasenameForTarget targetname) + get_target_property(source_files "${targetname}" SOURCES) + foreach(sourcefile ${source_files}) + get_filename_component(basename "${sourcefile}" NAME) + set_property( + SOURCE "${sourcefile}" APPEND + PROPERTY COMPILE_DEFINITIONS "__ORTHANC_FILE__=\"${basename}\"") + endforeach() +endfunction()
--- a/OrthancFramework/Resources/CMake/LibCurlConfiguration.cmake Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Resources/CMake/LibCurlConfiguration.cmake Thu Jul 06 17:04:31 2023 +0200 @@ -109,7 +109,7 @@ endif() set_property( - SOURCE ${CURL_SOURCES} + SOURCE ${CURL_SOURCES} APPEND PROPERTY COMPILE_DEFINITIONS "HAVE_CONFIG_H=1;OS=\"${TMP_OS}\"" )
--- a/OrthancFramework/Resources/Patches/civetweb-1.14.patch Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Resources/Patches/civetweb-1.14.patch Thu Jul 06 17:04:31 2023 +0200 @@ -1,6 +1,38 @@ diff -urEb civetweb-1.14.orig/src/civetweb.c civetweb-1.14/src/civetweb.c ---- civetweb-1.14.orig/src/civetweb.c 2021-06-21 17:42:52.343136123 +0200 -+++ civetweb-1.14/src/civetweb.c 2021-06-21 17:43:11.623158128 +0200 +--- civetweb-1.14.orig/src/civetweb.c 2023-07-06 15:48:01.163703913 +0200 ++++ civetweb-1.14/src/civetweb.c 2023-07-06 15:48:51.207843938 +0200 +@@ -567,7 +567,7 @@ + #if (_MSC_VER < 1300) + #define STRX(x) #x + #define STR(x) STRX(x) +-#define __func__ __FILE__ ":" STR(__LINE__) ++#define __func__ __ORTHANC_FILE__ ":" STR(__LINE__) + #define strtoull(x, y, z) ((unsigned __int64)_atoi64(x)) + #define strtoll(x, y, z) (_atoi64(x)) + #else +@@ -1450,14 +1450,14 @@ + } + + +-#define mg_malloc(a) mg_malloc_ex(a, NULL, __FILE__, __LINE__) +-#define mg_calloc(a, b) mg_calloc_ex(a, b, NULL, __FILE__, __LINE__) +-#define mg_realloc(a, b) mg_realloc_ex(a, b, NULL, __FILE__, __LINE__) +-#define mg_free(a) mg_free_ex(a, __FILE__, __LINE__) +- +-#define mg_malloc_ctx(a, c) mg_malloc_ex(a, c, __FILE__, __LINE__) +-#define mg_calloc_ctx(a, b, c) mg_calloc_ex(a, b, c, __FILE__, __LINE__) +-#define mg_realloc_ctx(a, b, c) mg_realloc_ex(a, b, c, __FILE__, __LINE__) ++#define mg_malloc(a) mg_malloc_ex(a, NULL, __ORTHANC_FILE__, __LINE__) ++#define mg_calloc(a, b) mg_calloc_ex(a, b, NULL, __ORTHANC_FILE__, __LINE__) ++#define mg_realloc(a, b) mg_realloc_ex(a, b, NULL, __ORTHANC_FILE__, __LINE__) ++#define mg_free(a) mg_free_ex(a, __ORTHANC_FILE__, __LINE__) ++ ++#define mg_malloc_ctx(a, c) mg_malloc_ex(a, c, __ORTHANC_FILE__, __LINE__) ++#define mg_calloc_ctx(a, b, c) mg_calloc_ex(a, b, c, __ORTHANC_FILE__, __LINE__) ++#define mg_realloc_ctx(a, b, c) mg_realloc_ex(a, b, c, __ORTHANC_FILE__, __LINE__) + + + #else /* USE_SERVER_STATS */ @@ -1774,6 +1774,7 @@ #if !defined(OPENSSL_API_3_0) #define OPENSSL_API_3_0
--- a/OrthancFramework/Resources/ProtocolBuffers/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Resources/ProtocolBuffers/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -133,7 +133,7 @@ if (NOT CMAKE_SYSTEM_NAME STREQUAL "Windows") set_property( - SOURCE ${PROTOBUF_COMPILER_SOURCES} + SOURCE ${PROTOBUF_COMPILER_SOURCES} APPEND PROPERTY COMPILE_DEFINITIONS "HAVE_PTHREAD=1" ) endif()
--- a/OrthancFramework/Resources/ProtocolBuffers/ProtobufLibrary.cmake Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Resources/ProtocolBuffers/ProtobufLibrary.cmake Thu Jul 06 17:04:31 2023 +0200 @@ -138,7 +138,7 @@ if (NOT CMAKE_SYSTEM_NAME STREQUAL "Windows") set_property( - SOURCE ${PROTOBUF_LIBRARY_SOURCES} + SOURCE ${PROTOBUF_LIBRARY_SOURCES} APPEND PROPERTY COMPILE_DEFINITIONS "HAVE_PTHREAD=1" ) endif()
--- a/OrthancFramework/SharedLibrary/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/SharedLibrary/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -305,6 +305,8 @@ # plugins (the latter being shared libraries) set_property(TARGET OrthancFramework PROPERTY POSITION_INDEPENDENT_CODE ON) endif() + + DefineSourceBasenameForTarget(OrthancFramework) endif()
--- a/OrthancFramework/Sources/Logging.h Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Sources/Logging.h Thu Jul 06 17:04:31 2023 +0200 @@ -157,15 +157,25 @@ # define VLOG(unused) ::Orthanc::Logging::NullStream() # define CLOG(level, category) ::Orthanc::Logging::NullStream() #else /* ORTHANC_ENABLE_LOGGING == 1 */ -# define LOG(level) ::Orthanc::Logging::InternalLogger \ - (::Orthanc::Logging::LogLevel_ ## level, \ - ::Orthanc::Logging::LogCategory_GENERIC, __FILE__, __LINE__) -# define VLOG(unused) ::Orthanc::Logging::InternalLogger \ - (::Orthanc::Logging::LogLevel_TRACE, \ - ::Orthanc::Logging::LogCategory_GENERIC, __FILE__, __LINE__) + +#if !defined(__ORTHANC_FILE__) +# if defined(_MSC_VER) +# pragma message("Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries") +# else +# warning Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries +# endif +# define __ORTHANC_FILE__ __FILE__ +#endif + +# define LOG(level) ::Orthanc::Logging::InternalLogger \ + (::Orthanc::Logging::LogLevel_ ## level, \ + ::Orthanc::Logging::LogCategory_GENERIC, __ORTHANC_FILE__, __LINE__) +# define VLOG(unused) ::Orthanc::Logging::InternalLogger \ + (::Orthanc::Logging::LogLevel_TRACE, \ + ::Orthanc::Logging::LogCategory_GENERIC, __ORTHANC_FILE__, __LINE__) # define CLOG(level, category) ::Orthanc::Logging::InternalLogger \ (::Orthanc::Logging::LogLevel_ ## level, \ - ::Orthanc::Logging::LogCategory_ ## category, __FILE__, __LINE__) + ::Orthanc::Logging::LogCategory_ ## category, __ORTHANC_FILE__, __LINE__) #endif
--- a/OrthancFramework/Sources/SQLite/Connection.h Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancFramework/Sources/SQLite/Connection.h Thu Jul 06 17:04:31 2023 +0200 @@ -46,7 +46,16 @@ #include <string> #include <map> -#define SQLITE_FROM_HERE ::Orthanc::SQLite::StatementId(__FILE__, __LINE__) +#if !defined(__ORTHANC_FILE__) +# if defined(_MSC_VER) +# pragma message("Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries") +# else +# warning Warning: Macro __ORTHANC_FILE__ is not defined, this will leak the full path of the source files in the binaries +# endif +# define __ORTHANC_FILE__ __FILE__ +#endif + +#define SQLITE_FROM_HERE ::Orthanc::SQLite::StatementId(__ORTHANC_FILE__, __LINE__) namespace Orthanc {
--- a/OrthancServer/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -379,6 +379,8 @@ ${AUTOGENERATED_SOURCES} ) +DefineSourceBasenameForTarget(CoreLibrary) + add_dependencies(CoreLibrary AutogeneratedTarget) if (LIBICU_LIBRARIES) @@ -394,8 +396,11 @@ add_custom_command( COMMAND ${PROTOC_EXECUTABLE} ${CMAKE_SOURCE_DIR}/Plugins/Include/orthanc/OrthancDatabasePlugin.proto --cpp_out=${AUTOGENERATED_DIR} -I${CMAKE_SOURCE_DIR}/Plugins/Include/orthanc + COMMAND + ${PYTHON_EXECUTABLE} ${CMAKE_SOURCE_DIR}/Resources/PreventProtobufDirectoryLeaks.py ${AUTOGENERATED_DIR}/OrthancDatabasePlugin.pb.cc DEPENDS ProtobufCompiler + ${CMAKE_SOURCE_DIR}/Resources/PreventProtobufDirectoryLeaks.py ${CMAKE_SOURCE_DIR}/Plugins/Include/orthanc/OrthancDatabasePlugin.proto OUTPUT ${AUTOGENERATED_DIR}/OrthancDatabasePlugin.pb.cc @@ -420,6 +425,8 @@ ${ORTHANC_SERVER_SOURCES} ) +DefineSourceBasenameForTarget(ServerLibrary) + # Ensure autogenerated code is built before building ServerLibrary add_dependencies(ServerLibrary CoreLibrary OrthancDatabaseProtobuf) @@ -428,6 +435,8 @@ ${ORTHANC_RESOURCES} ) +DefineSourceBasenameForTarget(Orthanc) + target_link_libraries(Orthanc ServerLibrary CoreLibrary ${DCMTK_LIBRARIES}) if ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") @@ -458,6 +467,8 @@ ${BOOST_EXTENDED_SOURCES} ) +DefineSourceBasenameForTarget(UnitTests) + target_link_libraries(UnitTests ServerLibrary CoreLibrary @@ -506,6 +517,8 @@ ${PLUGINS_DEPENDENCIES_SOURCES} ) + DefineSourceBasenameForTarget(PluginsDependencies) + # Add the "-fPIC" option as this static library must be embedded # inside shared libraries (important on UNIX) set_target_properties( @@ -546,6 +559,8 @@ ${SERVE_FOLDERS_RESOURCES} ) + DefineSourceBasenameForTarget(ServeFolders) + target_link_libraries(ServeFolders PluginsDependencies) set_target_properties( @@ -594,6 +609,8 @@ ${MODALITY_WORKLISTS_RESOURCES} ) + DefineSourceBasenameForTarget(ModalityWorklists) + target_link_libraries(ModalityWorklists PluginsDependencies) set_target_properties( @@ -655,7 +672,9 @@ ${CMAKE_SOURCE_DIR}/Plugins/Samples/ConnectivityChecks/OrthancFrameworkDependencies.cpp ${CONNECTIVITY_CHECKS_RESOURCES} ) - + + DefineSourceBasenameForTarget(ConnectivityChecks) + target_link_libraries(ConnectivityChecks PluginsDependencies) set_target_properties( @@ -708,6 +727,8 @@ ${DELAYED_DELETION_RESOURCES} ) + DefineSourceBasenameForTarget(DelayedDeletion) + target_link_libraries(DelayedDeletion PluginsDependencies) set_target_properties( @@ -755,6 +776,8 @@ ${HOUSEKEEPER_RESOURCES} ) + DefineSourceBasenameForTarget(Housekeeper) + target_link_libraries(Housekeeper PluginsDependencies) set_target_properties( @@ -820,6 +843,8 @@ ${MULTITENANT_DICOM_RESOURCES} ) + DefineSourceBasenameForTarget(MultitenantDicom) + target_link_libraries(MultitenantDicom PluginsDependencies ${DCMTK_LIBRARIES}) set_target_properties( @@ -865,6 +890,7 @@ endif() add_executable(OrthancRecoverCompressedFile ${RECOVER_COMPRESSED_SOURCES}) + DefineSourceBasenameForTarget(OrthancRecoverCompressedFile) target_link_libraries(OrthancRecoverCompressedFile CoreLibrary)
--- a/OrthancServer/Plugins/Samples/AutomatedJpeg2kCompression/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/AutomatedJpeg2kCompression/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -25,3 +25,5 @@ include(${CMAKE_SOURCE_DIR}/../Common/OrthancPlugins.cmake) add_library(AutomatedJpeg2kCompression SHARED Plugin.cpp) + +DefineSourceBasenameForTarget(AutomatedJpeg2kCompression)
--- a/OrthancServer/Plugins/Samples/Basic/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/Basic/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -25,3 +25,5 @@ include(${CMAKE_SOURCE_DIR}/../Common/OrthancPlugins.cmake) add_library(PluginTest SHARED Plugin.c) + +DefineSourceBasenameForTarget(PluginTest)
--- a/OrthancServer/Plugins/Samples/ConnectivityChecks/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/ConnectivityChecks/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -77,6 +77,8 @@ Plugin.cpp ) +DefineSourceBasenameForTarget(ConnectivityChecks) + set_target_properties( ConnectivityChecks PROPERTIES VERSION ${PLUGIN_VERSION}
--- a/OrthancServer/Plugins/Samples/CustomImageDecoder/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/CustomImageDecoder/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -25,3 +25,5 @@ include(${CMAKE_SOURCE_DIR}/../Common/OrthancPlugins.cmake) add_library(PluginTest SHARED Plugin.cpp) + +DefineSourceBasenameForTarget(PluginTest)
--- a/OrthancServer/Plugins/Samples/DelayedDeletion/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/DelayedDeletion/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -78,6 +78,8 @@ Plugin.cpp ) +DefineSourceBasenameForTarget(DelayedDeletion) + set_target_properties( DelayedDeletion PROPERTIES VERSION ${PLUGIN_VERSION}
--- a/OrthancServer/Plugins/Samples/MultitenantDicom/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/MultitenantDicom/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -55,6 +55,8 @@ ${AUTOGENERATED_SOURCES} ) +DefineSourceBasenameForTarget(MultitenantDicom) + target_link_libraries(MultitenantDicom ${DCMTK_LIBRARIES}) message("Setting the version of the plugin to ${ORTHANC_PLUGIN_VERSION}")
--- a/OrthancServer/Plugins/Samples/Sanitizer/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/Sanitizer/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -51,6 +51,8 @@ ${ORTHANC_DICOM_SOURCES} ) +DefineSourceBasenameForTarget(Sanitizer) + target_link_libraries(Sanitizer ${DCMTK_LIBRARIES})
--- a/OrthancServer/Plugins/Samples/WebSkeleton/CMakeLists.txt Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Plugins/Samples/WebSkeleton/CMakeLists.txt Thu Jul 06 17:04:31 2023 +0200 @@ -32,3 +32,5 @@ add_library(WebSkeleton SHARED ${AUTOGENERATED_SOURCES} ) + +DefineSourceBasenameForTarget(WebSkeleton)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancServer/Resources/PreventProtobufDirectoryLeaks.py Thu Jul 06 17:04:31 2023 +0200 @@ -0,0 +1,39 @@ +#!/usr/bin/python + +# Orthanc - A Lightweight, RESTful DICOM Store +# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics +# Department, University Hospital of Liege, Belgium +# Copyright (C) 2017-2023 Osimis S.A., Belgium +# Copyright (C) 2021-2023 Sebastien Jodogne, ICTEAM UCLouvain, Belgium +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +import sys + +if len(sys.argv) != 2: + raise Exception('Bad number of arguments in %s' % sys.argv[0]) + +with open(sys.argv[1], 'r') as f: + s = f.read() + +s = s.replace('__FILE__', '__ORTHANC_FILE__') + +s = """ +#undef __FILE__ +#define __FILE__ __ORTHANC_FILE__ +""" + s + +with open(sys.argv[1], 'w') as f: + f.write(s)
--- a/OrthancServer/Sources/OrthancInitialization.cpp Tue Jul 04 18:39:52 2023 +0200 +++ b/OrthancServer/Sources/OrthancInitialization.cpp Thu Jul 06 17:04:31 2023 +0200 @@ -52,6 +52,12 @@ #include <dcmtk/dcmnet/diutil.h> // For DCM_dcmnetLogger #if ORTHANC_ENABLE_PLUGINS == 1 +# if defined(__ORTHANC_FILE__) +// Prevents the system-wide Google Protobuf library from leaking the +// full path of this source file +# undef __FILE__ +# define __FILE__ __ORTHANC_FILE__ +# endif # include <google/protobuf/any.h> #endif