projects / musl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2bd05a4)
ensure canary is setup if stack-prot libs are dlopen'd into non-ssp app
authorRich Felker <dalias@aerifal.cx>
Sat, 25 Aug 2012 21:24:46 +0000 (17:24 -0400)
committerRich Felker <dalias@aerifal.cx>
Sat, 25 Aug 2012 21:24:46 +0000 (17:24 -0400)
previously, this usage could lead to a crash if the thread pointer was
still uninitialized, and otherwise would just cause the canary to be
zero (less secure).

src/env/__stack_chk_fail.c patch | blob | history
src/ldso/dynlink.c patch | blob | history

diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c
index c6d0feb..eac852b 100644 (file)
--- a/src/env/__stack_chk_fail.c
+++ b/src/env/__stack_chk_fail.c
@@ -14,7 +14,8 @@ void __init_ssp(size_t *auxv)
        for (i=0; auxv[i] && auxv[i]!=AT_RANDOM; i+=2);
        if (auxv[i]) memcpy(&canary, (void *)auxv[i+1], sizeof canary);
        else canary = (uintptr_t)&canary * 1103515245;
        for (i=0; auxv[i] && auxv[i]!=AT_RANDOM; i+=2);
        if (auxv[i]) memcpy(&canary, (void *)auxv[i+1], sizeof canary);
        else canary = (uintptr_t)&canary * 1103515245;
-       __stack_chk_guard = self->canary = canary;
+       a_cas_l(&__stack_chk_guard, 0, canary);
+       self->canary = __stack_chk_guard;
 }
 
 void __stack_chk_fail(void)
 }
 
 void __stack_chk_fail(void)
diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index d7d6800..6ffda49 100644 (file)
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -81,6 +81,7 @@ static int ldso_fail;
 static jmp_buf rtld_fail;
 static pthread_rwlock_t lock;
 static struct debug debug;
 static jmp_buf rtld_fail;
 static pthread_rwlock_t lock;
 static struct debug debug;
+static size_t *auxv;
 
 struct debug *_dl_debug_addr = &debug;
 
 
 struct debug *_dl_debug_addr = &debug;
 
@@ -603,7 +604,7 @@ void _dl_debug_state(void)
 
 void *__dynlink(int argc, char **argv)
 {
 
 void *__dynlink(int argc, char **argv)
 {
-       size_t *auxv, aux[AUX_CNT] = {0};
+       size_t aux[AUX_CNT] = {0};
        size_t i;
        Phdr *phdr;
        Ehdr *ehdr;
        size_t i;
        Phdr *phdr;
        Ehdr *ehdr;
@@ -838,6 +839,8 @@ void *dlopen(const char *file, int mode)
                p->global = 1;
        }
 
                p->global = 1;
        }
 
+       if (ssp_used) __init_ssp(auxv);
+
        _dl_debug_state();
 
        do_init_fini(tail);
        _dl_debug_state();
 
        do_init_fini(tail);
musl