1 /* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ 2 /* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ 3 /* 4 * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 */ 29 30 #include <sys/cdefs.h> 31 __FBSDID("$FreeBSD$"); 32 33 #include <sys/param.h> 34 #include <sys/sysctl.h> 35 #include <errno.h> 36 #include <link.h> 37 #include <signal.h> 38 #include <string.h> 39 #include <syslog.h> 40 #include <unistd.h> 41 #include "libc_private.h" 42 43 /* 44 * We give __guard_setup a defined priority early on so that statically linked 45 * applications have a defined priority at which __stack_chk_guard will be 46 * getting initialized. This will not matter to most applications, because 47 * they're either not usually statically linked or they simply don't do things 48 * in constructors that would be adversely affected by their positioning with 49 * respect to this initialization. 50 * 51 * This conditional should be removed when GCC 4.2 is removed. 52 */ 53 #if __has_attribute(__constructor__) || __GNUC_PREREQ__(4, 3) 54 #define _GUARD_SETUP_CTOR_ATTR \ 55 __attribute__((__constructor__ (200), __used__)); 56 #else 57 #define _GUARD_SETUP_CTOR_ATTR \ 58 __attribute__((__constructor__, __used__)); 59 #endif 60 61 extern long __stack_chk_guard[8]; 62 extern int __sysctl(const int *name, u_int namelen, void *oldp, 63 size_t *oldlenp, void *newp, size_t newlen); 64 65 long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; 66 static void __guard_setup(void) _GUARD_SETUP_CTOR_ATTR; 67 static void __fail(const char *) __dead2; 68 void __stack_chk_fail(void) __dead2; 69 void __chk_fail(void) __dead2; 70 71 /*LINTED used*/ 72 static void 73 __guard_setup(void) 74 { 75 static const int mib[2] = { CTL_KERN, KERN_ARND }; 76 volatile long tmp_stack_chk_guard[nitems(__stack_chk_guard)]; 77 size_t idx, len; 78 int error; 79 80 if (__stack_chk_guard[0] != 0) 81 return; 82 /* 83 * Avoid using functions which might have stack protection 84 * enabled, to update the __stack_chk_guard. First fetch the 85 * data into a temporal array, then do manual volatile copy to 86 * not allow optimizer to call memcpy() behind us. 87 */ 88 error = _elf_aux_info(AT_CANARY, 89 __DEQUALIFY(void *, tmp_stack_chk_guard), 90 sizeof(tmp_stack_chk_guard)); 91 if (error == 0 && tmp_stack_chk_guard[0] != 0) { 92 for (idx = 0; idx < nitems(__stack_chk_guard); idx++) { 93 __stack_chk_guard[idx] = tmp_stack_chk_guard[idx]; 94 tmp_stack_chk_guard[idx] = 0; 95 } 96 return; 97 } 98 99 len = sizeof(__stack_chk_guard); 100 if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == 101 -1 || len != sizeof(__stack_chk_guard)) { 102 /* If sysctl was unsuccessful, use the "terminator canary". */ 103 ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; 104 ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; 105 ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; 106 ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; 107 } 108 } 109 110 /*ARGSUSED*/ 111 static void 112 __fail(const char *msg) 113 { 114 struct sigaction sa; 115 sigset_t mask; 116 117 /* Immediately block all signal handlers from running code */ 118 (void)sigfillset(&mask); 119 (void)sigdelset(&mask, SIGABRT); 120 (void)sigprocmask(SIG_BLOCK, &mask, NULL); 121 122 /* This may fail on a chroot jail... */ 123 syslog(LOG_CRIT, "%s", msg); 124 125 (void)memset(&sa, 0, sizeof(sa)); 126 (void)sigemptyset(&sa.sa_mask); 127 sa.sa_flags = 0; 128 sa.sa_handler = SIG_DFL; 129 (void)sigaction(SIGABRT, &sa, NULL); 130 (void)kill(getpid(), SIGABRT); 131 _exit(127); 132 } 133 134 void 135 __stack_chk_fail(void) 136 { 137 __fail("stack overflow detected; terminated"); 138 } 139 140 void 141 __chk_fail(void) 142 { 143 __fail("buffer overflow detected; terminated"); 144 } 145 146 #ifndef PIC 147 __weak_reference(__stack_chk_fail, __stack_chk_fail_local); 148 #endif 149