1 /* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ 2 /* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ 3 /* 4 * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 */ 29 30 #include <sys/cdefs.h> 31 #include <sys/param.h> 32 #include <sys/sysctl.h> 33 #include <errno.h> 34 #include <link.h> 35 #include <signal.h> 36 #include <string.h> 37 #include <syslog.h> 38 #include <unistd.h> 39 #include "libc_private.h" 40 41 /* 42 * We give __guard_setup a defined priority early on so that statically linked 43 * applications have a defined priority at which __stack_chk_guard will be 44 * getting initialized. This will not matter to most applications, because 45 * they're either not usually statically linked or they simply don't do things 46 * in constructors that would be adversely affected by their positioning with 47 * respect to this initialization. 48 */ 49 static void __guard_setup(void) 50 __attribute__((__constructor__ (200), __used__)); 51 52 extern long __stack_chk_guard[8]; 53 extern int __sysctl(const int *name, u_int namelen, void *oldp, 54 size_t *oldlenp, void *newp, size_t newlen); 55 56 long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; 57 static void __fail(const char *) __dead2; 58 void __stack_chk_fail(void) __dead2; 59 void __chk_fail(void) __dead2; 60 61 /*LINTED used*/ 62 static void 63 __guard_setup(void) 64 { 65 static const int mib[2] = { CTL_KERN, KERN_ARND }; 66 volatile long tmp_stack_chk_guard[nitems(__stack_chk_guard)]; 67 size_t idx, len; 68 int error; 69 70 if (__stack_chk_guard[0] != 0) 71 return; 72 /* 73 * Avoid using functions which might have stack protection 74 * enabled, to update the __stack_chk_guard. First fetch the 75 * data into a temporal array, then do manual volatile copy to 76 * not allow optimizer to call memcpy() behind us. 77 */ 78 error = _elf_aux_info(AT_CANARY, 79 __DEQUALIFY(void *, tmp_stack_chk_guard), 80 sizeof(tmp_stack_chk_guard)); 81 if (error == 0 && tmp_stack_chk_guard[0] != 0) { 82 for (idx = 0; idx < nitems(__stack_chk_guard); idx++) { 83 __stack_chk_guard[idx] = tmp_stack_chk_guard[idx]; 84 tmp_stack_chk_guard[idx] = 0; 85 } 86 return; 87 } 88 89 len = sizeof(__stack_chk_guard); 90 if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == 91 -1 || len != sizeof(__stack_chk_guard)) { 92 /* If sysctl was unsuccessful, use the "terminator canary". */ 93 ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; 94 ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; 95 ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; 96 ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; 97 } 98 } 99 100 /*ARGSUSED*/ 101 static void 102 __fail(const char *msg) 103 { 104 struct sigaction sa; 105 sigset_t mask; 106 107 /* Immediately block all signal handlers from running code */ 108 (void)sigfillset(&mask); 109 (void)sigdelset(&mask, SIGABRT); 110 (void)sigprocmask(SIG_BLOCK, &mask, NULL); 111 112 /* This may fail on a chroot jail... */ 113 syslog(LOG_CRIT, "%s", msg); 114 115 (void)memset(&sa, 0, sizeof(sa)); 116 (void)sigemptyset(&sa.sa_mask); 117 sa.sa_flags = 0; 118 sa.sa_handler = SIG_DFL; 119 (void)sigaction(SIGABRT, &sa, NULL); 120 (void)kill(getpid(), SIGABRT); 121 _exit(127); 122 } 123 124 void 125 __stack_chk_fail(void) 126 { 127 __fail("stack overflow detected; terminated"); 128 } 129 130 void 131 __chk_fail(void) 132 { 133 __fail("buffer overflow detected; terminated"); 134 } 135 136 #ifndef PIC 137 __weak_reference(__stack_chk_fail, __stack_chk_fail_local); 138 #endif 139