Add clang sanitizer tests.

.github/configs

@@ -17,6 +17,7 @@ SUDO=sudo	# run with sudo by default
 TEST_SSH_UNSAFE_PERMISSIONS=1
 # Stop on first test failure to minimize logs
 TEST_SSH_FAIL_FATAL=yes
+unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 
 CONFIGFLAGS=""
 LIBCRYPTOFLAGS=""
@@ -41,6 +42,48 @@ case "$config" in
 	CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter"
 	CONFIGFLAGS="--with-pam --with-Werror"
 	;;
+    clang-sanitize-*)
+	# - We replace chroot with chdir so that the sanitizer in the preauth
+	#   privsep process can read /proc.
+	# - clang does not recognizes explicit_bzero so we use bzero
+	#   (see https://github.com/google/sanitizers/issues/1507
+	# - openssl and zlib trip ASAN.
+	# - sp_pwdp returned by getspnam trips ASAN, hence disabling shadow.
+	case "$config" in
+	clang-sanitize-address)
+	    CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
+	    LDFLAGS="-fsanitize=address"
+	    CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DASAN_OPTIONS=\"detect_leaks=0:log_path=/tmp/asan.log\"'
+	    CONFIGFLAGS="--without-openssl --without-zlib --without-shadow"
+	    TEST_TARGET="t-exec"
+	    ;;
+	clang-sanitize-memory)
+	    CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins"
+	    LDFLAGS="-fsanitize=memory"
+	    CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path=/tmp/msan.log\"'
+	    CONFIGFLAGS="--without-openssl --without-zlib --without-shadow"
+	    TEST_TARGET="t-exec"
+	    ;;
+	clang-sanitize-undefined)
+	    CFLAGS="-fsanitize=undefined"
+	    LDFLAGS="-fsanitize=undefined"
+	    ;;
+	*)
+	     echo unknown sanitize option;
+	     exit 1;;
+	esac
+	# Find the newest available version of clang
+	for i in `seq 10 99`; do
+	    clang=$(which clang-$i 2>/dev/null)
+	    [ -x "$clang" ] && CC="$clang"
+	done
+	features="--disable-security-key --disable-pkcs11"
+	hardening="--without-sandbox --without-hardening --without-stackprotect"
+	privsep="--with-privsep-user=root"
+	CONFIGFLAGS="$CONFIGFLAGS $features $hardening $privsep"
+	# Because we hobble chroot we can't test it.
+	SKIP_LTESTS=sftp-chroot
+	;;
     gcc-11-Werror)
 	CC="gcc"
 	# -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
@@ -227,5 +270,5 @@ if [ -x "$(which plink 2>/dev/null)" ]; then
 	export REGRESS_INTEROP_PUTTY
 fi
 
-export CC CFLAGS LTESTS SUDO
+export CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL

.github/setup_ci.sh

@@ -37,6 +37,9 @@ for TARGET in $TARGETS; do
     default|without-openssl|without-zlib|c89|libedit|*pam)
         # nothing to do
         ;;
+    clang-sanitize*)
+        PACKAGES="$PACKAGES clang-12"
+        ;;
     clang-*|gcc-*)
         compiler=$(echo $TARGET | sed 's/-Werror//')
         PACKAGES="$PACKAGES $compiler"

.github/workflows/c-cpp.yml

@@ -32,6 +32,9 @@ jobs:
           - { os: ubuntu-20.04, configs: clang-10 }
           - { os: ubuntu-20.04, configs: clang-11 }
           - { os: ubuntu-20.04, configs: clang-12-Werror }
+          - { os: ubuntu-20.04, configs: clang-sanitize-address }
+          - { os: ubuntu-20.04, configs: clang-sanitize-memory }
+          - { os: ubuntu-20.04, configs: clang-sanitize-undefined }
           - { os: ubuntu-20.04, configs: gcc-7 }
           - { os: ubuntu-20.04, configs: gcc-8 }
           - { os: ubuntu-20.04, configs: gcc-10 }
@@ -106,3 +109,5 @@ jobs:
           config.log
           regress/*.log
           regress/valgrind-out/
+          /tmp/asan.log.*
+          /tnp/msan.log.*

openbsd-compat/bsd-misc.c

@@ -446,3 +446,15 @@ localtime_r(const time_t *timep, struct tm *result)
 	return result;
 }
 #endif
+
+#ifdef ASAN_OPTIONS
+const char *__asan_default_options(void) {
+	return ASAN_OPTIONS;
+}
+#endif
+
+#ifdef MSAN_OPTIONS
+const char *__msan_default_options(void) {
+	return MSAN_OPTIONS;
+}
+#endif