1 /* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ 2 /* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ 3 /* 4 * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 */ 29 30 #include <sys/cdefs.h> 31 __FBSDID("$FreeBSD$"); 32 33 #include <sys/param.h> 34 #include <sys/sysctl.h> 35 #include <errno.h> 36 #include <link.h> 37 #include <signal.h> 38 #include <string.h> 39 #include <syslog.h> 40 #include <unistd.h> 41 #include "libc_private.h" 42 43 /* 44 * We give __guard_setup a defined priority early on so that statically linked 45 * applications have a defined priority at which __stack_chk_guard will be 46 * getting initialized. This will not matter to most applications, because 47 * they're either not usually statically linked or they simply don't do things 48 * in constructors that would be adversely affected by their positioning with 49 * respect to this initialization. 50 */ 51 static void __guard_setup(void) 52 __attribute__((__constructor__ (200), __used__)); 53 54 extern long __stack_chk_guard[8]; 55 extern int __sysctl(const int *name, u_int namelen, void *oldp, 56 size_t *oldlenp, void *newp, size_t newlen); 57 58 long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; 59 static void __fail(const char *) __dead2; 60 void __stack_chk_fail(void) __dead2; 61 void __chk_fail(void) __dead2; 62 63 /*LINTED used*/ 64 static void 65 __guard_setup(void) 66 { 67 static const int mib[2] = { CTL_KERN, KERN_ARND }; 68 volatile long tmp_stack_chk_guard[nitems(__stack_chk_guard)]; 69 size_t idx, len; 70 int error; 71 72 if (__stack_chk_guard[0] != 0) 73 return; 74 /* 75 * Avoid using functions which might have stack protection 76 * enabled, to update the __stack_chk_guard. First fetch the 77 * data into a temporal array, then do manual volatile copy to 78 * not allow optimizer to call memcpy() behind us. 79 */ 80 error = _elf_aux_info(AT_CANARY, 81 __DEQUALIFY(void *, tmp_stack_chk_guard), 82 sizeof(tmp_stack_chk_guard)); 83 if (error == 0 && tmp_stack_chk_guard[0] != 0) { 84 for (idx = 0; idx < nitems(__stack_chk_guard); idx++) { 85 __stack_chk_guard[idx] = tmp_stack_chk_guard[idx]; 86 tmp_stack_chk_guard[idx] = 0; 87 } 88 return; 89 } 90 91 len = sizeof(__stack_chk_guard); 92 if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == 93 -1 || len != sizeof(__stack_chk_guard)) { 94 /* If sysctl was unsuccessful, use the "terminator canary". */ 95 ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; 96 ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; 97 ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; 98 ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; 99 } 100 } 101 102 /*ARGSUSED*/ 103 static void 104 __fail(const char *msg) 105 { 106 struct sigaction sa; 107 sigset_t mask; 108 109 /* Immediately block all signal handlers from running code */ 110 (void)sigfillset(&mask); 111 (void)sigdelset(&mask, SIGABRT); 112 (void)sigprocmask(SIG_BLOCK, &mask, NULL); 113 114 /* This may fail on a chroot jail... */ 115 syslog(LOG_CRIT, "%s", msg); 116 117 (void)memset(&sa, 0, sizeof(sa)); 118 (void)sigemptyset(&sa.sa_mask); 119 sa.sa_flags = 0; 120 sa.sa_handler = SIG_DFL; 121 (void)sigaction(SIGABRT, &sa, NULL); 122 (void)kill(getpid(), SIGABRT); 123 _exit(127); 124 } 125 126 void 127 __stack_chk_fail(void) 128 { 129 __fail("stack overflow detected; terminated"); 130 } 131 132 void 133 __chk_fail(void) 134 { 135 __fail("buffer overflow detected; terminated"); 136 } 137 138 #ifndef PIC 139 __weak_reference(__stack_chk_fail, __stack_chk_fail_local); 140 #endif 141