diff options
| author |   dhartmei <dhartmei@openbsd.org> | 2002-09-14 22:03:14 +0000 |
|---|---|---|
| committer | dhartmei <dhartmei@openbsd.org> | 2002-09-14 22:03:14 +0000 |
| commit | 8d62ee40dc28d335867f292dd8aab66f53e20b5b (patch) | |
| tree | ad54f039e1d7d49a8f9d2f8fe09f8b447e2e743f /lib/libc/stdlib/atexit.c | |
| parent | recognize AppleKiwi (diff) | |
| download | wireguard-openbsd-8d62ee40dc28d335867f292dd8aab66f53e20b5b.tar.xz wireguard-openbsd-8d62ee40dc28d335867f292dd8aab66f53e20b5b.zip | |
Move __cleanup into mprotect'ed page to prevent unintentional modifications
similar to the atexit handlers. Idea and help deraadt@, ok deraadt@
Diffstat (limited to 'lib/libc/stdlib/atexit.c')
| -rw-r--r-- | lib/libc/stdlib/atexit.c | 61 |
1 files changed, 56 insertions, 5 deletions
diff --git a/lib/libc/stdlib/atexit.c b/lib/libc/stdlib/atexit.c index da5a0ddda03..98564d0dd3a 100644 --- a/lib/libc/stdlib/atexit.c +++ b/lib/libc/stdlib/atexit.c @@ -29,7 +29,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: atexit.c,v 1.6 2002/09/06 22:48:34 henning Exp $"; +static char *rcsid = "$OpenBSD: atexit.c,v 1.7 2002/09/14 22:03:14 dhartmei Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/types.h> @@ -42,6 +42,20 @@ int __atexit_invalid = 1; struct atexit *__atexit; /* + * Function pointers are stored in a linked list of pages. The list + * is initially empty, and pages are allocated on demand. The first + * function pointer in the first allocated page (the last one in + * the linked list) is reserved for the cleanup function. + * + * Outside the following two functions, all pages are mprotect()'ed + * to prevent unintentional/malicious corruption. + * + * The free(malloc(1)) is a workaround causing malloc_init() to + * ensure that malloc.c gets the first mmap() call for its sbrk() + * games. + */ + +/* * Register a function to be performed at exit. */ int @@ -61,9 +75,6 @@ atexit(fn) } if (p == NULL) { if (__atexit_invalid) { - /* malloc.c wants the first mmap() for sbrk() - games ('nice hack'), so enforce - malloc_init() with a dummy call. */ free(malloc(1)); __atexit_invalid = 0; } @@ -71,7 +82,11 @@ atexit(fn) MAP_ANON | MAP_PRIVATE, -1, 0); if (p == MAP_FAILED) return (-1); - p->ind = 0; + if (__atexit == NULL) { + p->fns[0] = NULL; + p->ind = 1; + } else + p->ind = 0; p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) / sizeof(p->fns[0]); p->next = __atexit; @@ -82,3 +97,39 @@ atexit(fn) return (-1); return (0); } + +/* + * Register the cleanup function + */ +void +__atexit_register_cleanup(fn) + void (*fn)(); +{ + register struct atexit *p = __atexit; + register int pgsize = getpagesize(); + + if (pgsize < sizeof(*p)) + return; + while (p != NULL && p->next != NULL) + p = p->next; + if (p == NULL) { + if (__atexit_invalid) { + free(malloc(1)); + __atexit_invalid = 0; + } + p = mmap(NULL, pgsize, PROT_READ | PROT_WRITE, + MAP_ANON | MAP_PRIVATE, -1, 0); + if (p == MAP_FAILED) + return; + p->ind = 1; + p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) / + sizeof(p->fns[0]); + p->next = NULL; + __atexit = p; + } else { + if (mprotect(p, pgsize, PROT_READ | PROT_WRITE)) + return; + } + p->fns[0] = fn; + mprotect(p, pgsize, PROT_READ); +} |