diff options
| author |   matthew <matthew@openbsd.org> | 2012-08-22 17:06:39 +0000 |
|---|---|---|
| committer | matthew <matthew@openbsd.org> | 2012-08-22 17:06:39 +0000 |
| commit | 119111e67c487335ef3708f367d4926144727acb (patch) | |
| tree | 408e23f9c8d0da391b9e2172a293d8a599621883 | |
| parent | cleanup mpii_alloc_queues, use caddr_t for kva plus a bit of cleanup (diff) | |
| download | wireguard-openbsd-119111e67c487335ef3708f367d4926144727acb.tar.xz wireguard-openbsd-119111e67c487335ef3708f367d4926144727acb.zip | |
Change ld.so and libc to use .openbsd.randomdata on ELF platforms for
initializing their __guard values. For the time being, we're leaving
libc's constructor method as a backup to make sure __guard actually
gets initialized and to emit syslog warnings when it's not.
Not really an ABI change, so no shlib bump... "hold on to your butts"
ok deraadt, kettenis
| -rw-r--r-- | lib/libc/sys/stack_protector.c | 21 | ||||
| -rw-r--r-- | libexec/ld.so/util.c | 4 |
2 files changed, 19 insertions, 6 deletions
diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c index 7b9653255f0..2aa187afbed 100644 --- a/lib/libc/sys/stack_protector.c +++ b/lib/libc/sys/stack_protector.c @@ -1,4 +1,4 @@ -/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.11 2012/08/22 17:06:39 matthew Exp $ */ /* * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. @@ -36,7 +36,12 @@ extern int __sysctl(int *, u_int, void *, size_t *, void *, size_t); +#ifdef __ELF__ +long __guard[8] __attribute__((section(".openbsd.randomdata"))); +#else long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; +#endif + static void __guard_setup(void) __attribute__ ((constructor)); void __stack_smash_handler(char func[], int damaged __attribute__((unused))); @@ -44,10 +49,18 @@ static void __guard_setup(void) { int mib[2]; - size_t len; + size_t i, len; + + for (i = 0; i < sizeof(__guard) / sizeof(__guard[0]); i++) + if (__guard[i] != 0) + return; - if (__guard[0] != 0) - return; +#ifdef __ELF__ + { + struct syslog_data sdata = SYSLOG_DATA_INIT; + syslog_r(LOG_WARNING, &sdata, "__guard not initialized"); + } +#endif mib[0] = CTL_KERN; mib[1] = KERN_ARND; diff --git a/libexec/ld.so/util.c b/libexec/ld.so/util.c index cee1daef811..a96b054ec62 100644 --- a/libexec/ld.so/util.c +++ b/libexec/ld.so/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.22 2012/08/07 17:47:06 matthew Exp $ */ +/* $OpenBSD: util.c,v 1.23 2012/08/22 17:06:39 matthew Exp $ */ /* * Copyright (c) 1998 Per Fogelstrom, Opsycon AB @@ -38,7 +38,7 @@ * Ideally, a scheme to compile these stubs from libc should be used, but * this would end up dragging too much code from libc here. */ -long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; +long __guard[8] __attribute__((section(".openbsd.randomdata"))); void __stack_smash_handler(char [], int); |