diff options
Diffstat (limited to 'libc/sysdeps')
-rw-r--r-- | libc/sysdeps/linux/common/ssp.c | 121 |
1 files changed, 66 insertions, 55 deletions
diff --git a/libc/sysdeps/linux/common/ssp.c b/libc/sysdeps/linux/common/ssp.c index 07513e7c4..8dcc3dc59 100644 --- a/libc/sysdeps/linux/common/ssp.c +++ b/libc/sysdeps/linux/common/ssp.c @@ -20,102 +20,113 @@ #error "file must not be compiled with stack protection enabled on it. Use -fno-stack-protector" #endif +#include <string.h> +#include <unistd.h> +#include <signal.h> +#ifdef __UCLIBC_HAS_SYSLOG__ +#include <sys/syslog.h> +#endif + #ifdef __PROPOLICE_BLOCK_SEGV__ # define SSP_SIGTYPE SIGSEGV #else # define SSP_SIGTYPE SIGABRT #endif -#include <string.h> -#include <unistd.h> -#include <signal.h> -#if defined __UCLIBC_HAS_SYSLOG__ -#include <sys/syslog.h> +static void do_write(const char *msg) +{ + /* could use inlined syscall here to be sure ... */ + return (void) write(STDERR_FILENO, msg, strlen(msg)); +} +static void __cold do_msg(const char *msg1, const char *msg2, const char *msg3) +{ + do_write(msg1); + do_write(msg2); + do_write(msg3); + do_write("\n"); +#ifdef __UCLIBC_HAS_SYSLOG__ + syslog(LOG_INFO, "%s%s%s()", msg1, msg2, msg3); #endif +} - -static void block_signals(void) +static void __cold attribute_noreturn +#ifdef __UCLIBC_HAS_SSP_COMPAT__ +ssp_handler(char func[]) +#else +ssp_handler(void) +#endif { + pid_t pid; + static const char msg_ssd[] = "*** stack smashing detected ***: "; + static const char msg_terminated[] = " terminated"; +#ifdef __UCLIBC_HAS_SSP_COMPAT__ + static const char msg_ssa[] = ": stack smashing attack in function "; +#endif + +#ifdef __DODEBUG__ struct sigaction sa; sigset_t mask; __sigfillset(&mask); __sigdelset(&mask, SSP_SIGTYPE); /* Block all signal handlers */ sigprocmask(SIG_BLOCK, &mask, NULL); /* except SSP_SIGTYPE */ +#endif + +#ifdef __UCLIBC_HAS_SSP_COMPAT__ + if (func != NULL) + do_msg(__uclibc_progname, msg_ssa, func); + else +#endif + do_msg(msg_ssd, __uclibc_progname, msg_terminated); + pid = getpid(); +#ifdef __DODEBUG__ /* Make the default handler associated with the signal handler */ memset(&sa, 0, sizeof(sa)); __sigfillset(&sa.sa_mask); /* Block all signals */ if (SIG_DFL) /* if it's constant zero, it's already done */ sa.sa_handler = SIG_DFL; - sigaction(SSP_SIGTYPE, &sa, NULL); -} - -static void __cold ssp_write(int fd, const char *msg1, const char *msg2, const char *msg3) -{ - write(fd, msg1, strlen(msg1)); - write(fd, msg2, strlen(msg2)); - write(fd, msg3, strlen(msg3)); - write(fd, "()\n", 3); -#if defined __UCLIBC_HAS_SYSLOG__ - openlog("ssp", LOG_CONS | LOG_PID, LOG_USER); - syslog(LOG_INFO, "%s%s%s()", msg1, msg2, msg3); - closelog(); + if (sigaction(SSP_SIGTYPE, &sa, NULL) == 0) + (void)kill(pid, SSP_SIGTYPE); #endif -} - -static attribute_noreturn void terminate(void) -{ - (void) kill(getpid(), SSP_SIGTYPE); - _exit(127); + (void)kill(pid, SIGKILL); + /* The loop is added only to keep gcc happy. */ + while(1) + _exit(127); } #ifdef __UCLIBC_HAS_SSP_COMPAT__ -void __stack_smash_handler(char func[], int damaged __attribute__ ((unused))) attribute_noreturn __cold; -void __stack_smash_handler(char func[], int damaged) +void __stack_smash_handler(char func[], int damaged) attribute_noreturn __cold; +void __stack_smash_handler(char func[], int damaged attribute_unused) { - static const char message[] = ": stack smashing attack in function "; - - block_signals(); - - ssp_write(STDERR_FILENO, __uclibc_progname, message, func); - - /* The loop is added only to keep gcc happy. */ - while(1) - terminate(); + ssp_handler(func); } -#endif -#ifdef __UCLIBC_HAS_SSP__ void __stack_chk_fail(void) { - static const char msg1[] = "stack smashing detected: "; - static const char msg3[] = " terminated"; - - block_signals(); - - ssp_write(STDERR_FILENO, msg1, __uclibc_progname, msg3); - - /* The loop is added only to keep gcc happy. */ - while(1) - terminate(); + ssp_handler(NULL); } +#else +strong_alias(ssp_handler,__stack_chk_fail) #endif #ifdef __UCLIBC_HAS_FORTIFY__ +/* should be redone when activated to use common code above. + * for now, it works without debugging support */ void __chk_fail(void) { - static const char msg1[] = "buffer overflow detected: "; - static const char msg3[] = " terminated"; - - block_signals(); + static const char msg_fail[] = "*** buffer overflow detected ***: "; + static const char msg_terminated[] = " terminated"; + pid_t pid; - ssp_write(STDERR_FILENO, msg1, __uclibc_progname, msg3); + do_msg(msg_fail, __uclibc_progname, msg_terminated); + pid = getpid(); + (void)kill(pid, SIGKILL); /* The loop is added only to keep gcc happy. */ while(1) - terminate(); + _exit(127); } libc_hidden_def(__chk_fail) #endif |