From 5b637fb0bfa2faa357e08aab646e6c427c9f397c Mon Sep 17 00:00:00 2001
From: Richard Jones <rjones@redhat.com>
Date: Sat, 3 Apr 2010 16:06:58 +0100
Subject: Add a linker script to limit visibility to exported symbols.

---
 .gitignore             |  1 +
 configure.ac           |  6 ++++++
 generator/generator.ml | 28 ++++++++++++++++++++++++++++
 lib/Makefile.am        | 12 +++++++++---
 sh/Makefile.am         |  2 +-
 5 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index bd99122..5984892 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,7 @@ install-sh
 lib/*.3
 lib/hivex.h
 lib/hivex.pod
+lib/hivex.syms
 lib/tools/*.opt
 .libs
 libtool
diff --git a/configure.ac b/configure.ac
index dda6892..52dbf6d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -116,6 +116,12 @@ test "x$U" != "x" && AC_MSG_ERROR([Compiler not ANSI compliant])
 
 AM_PROG_CC_C_O
 
+dnl Work out how to specify the linker script to the linker.
+VERSION_SCRIPT_FLAGS=-Wl,--version-script=
+`/usr/bin/ld --help 2>&1 | grep -- --version-script >/dev/null` || \
+    VERSION_SCRIPT_FLAGS="-Wl,-M -Wl,"
+AC_SUBST(VERSION_SCRIPT_FLAGS)
+
 dnl Check support for 64 bit file offsets.
 AC_SYS_LARGEFILE
 
diff --git a/generator/generator.ml b/generator/generator.ml
index 96d198d..e1e957a 100755
--- a/generator/generator.ml
+++ b/generator/generator.ml
@@ -1321,6 +1321,32 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Lesser General Public License for more details.
 "
 
+(* Generate the linker script which controls the visibility of
+ * symbols in the public ABI and ensures no other symbols get
+ * exported accidentally.
+ *)
+and generate_linker_script () =
+  generate_header HashStyle GPLv2plus;
+
+  let globals = [
+    "hivex_visit";
+    "hivex_visit_node"
+  ] in
+
+  let functions =
+    List.map (fun (name, _, _, _) -> "hivex_" ^ name)
+      functions in
+  let globals = List.sort compare (globals @ functions) in
+
+  pr "{\n";
+  pr "    global:\n";
+  List.iter (pr "        %s;\n") globals;
+  pr "\n";
+
+  pr "    local:\n";
+  pr "        *;\n";
+  pr "};\n"
+
 and generate_ocaml_interface () =
   generate_header OCamlStyle LGPLv2plus;
 
@@ -2522,6 +2548,8 @@ Run it from the top source directory using the command
   output_to "lib/hivex.h" generate_c_header;
   output_to "lib/hivex.pod" generate_c_pod;
 
+  output_to "lib/hivex.syms" generate_linker_script;
+
   output_to "ocaml/hivex.mli" generate_ocaml_interface;
   output_to "ocaml/hivex.ml" generate_ocaml_implementation;
   output_to "ocaml/hivex_c.c" generate_ocaml_c;
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 75db8bf..d54aaee 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -18,7 +18,8 @@
 SUBDIRS = tools
 
 EXTRA_DIST = \
-	hivex.pod
+	hivex.pod \
+	hivex.syms
 
 lib_LTLIBRARIES = libhivex.la
 
@@ -26,10 +27,15 @@ libhivex_la_SOURCES = \
   hivex.c \
   hivex.h \
   byte_conversions.h \
-  gettext.h
+  gettext.h \
+  hivex.syms
 
 libhivex_la_LIBADD =  ../gnulib/lib/libgnu.la
-libhivex_la_LDFLAGS = -version-info 0:0:0 $(LTLIBINTL) $(LTLIBTHREAD)
+libhivex_la_LDFLAGS = \
+	-version-info 0:0:0 \
+	$(VERSION_SCRIPT_FLAGS)hivex.syms \
+	$(LTLIBINTL) \
+	$(LTLIBTHREAD)
 libhivex_la_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
 libhivex_la_CPPFLAGS = -I$(top_srcdir)/gnulib/lib
 
diff --git a/sh/Makefile.am b/sh/Makefile.am
index a3ca5c7..0898370 100644
--- a/sh/Makefile.am
+++ b/sh/Makefile.am
@@ -35,7 +35,7 @@ hivexsh_SOURCES = \
   ../lib/hivex.h \
   ../lib/byte_conversions.h
 
-hivexsh_LDADD = ../lib/libhivex.la $(LIBREADLINE)
+hivexsh_LDADD = ../lib/libhivex.la ../gnulib/lib/libgnu.la $(LIBREADLINE)
 hivexsh_CFLAGS = \
   -I$(top_srcdir)/gnulib/lib \
   -I$(top_srcdir)/lib \
-- 
cgit