Import propolice (http://www.trl.ibm.com/projects/security/ssp), a stack

attack protection scheme, into gcc.

This protection is enabled by default. It can be turned off by using the
-fno-stack-protector flag.

Code by Hiroaki Etoh (etoh at jp dot ibm dot com); work on openbsd-specific
integration by fgsch@, deraadt@ and myself; tests by fgsch@, naddy@ and
myself; beer drinking by myself.

Please note that system upgrades with this new code will require a new
libc and ld.so to be build and installed before the propolice-enabled
compiler can be installed.

3 files changed, 92 insertions, 2 deletions

diff --git a/lib/libc/shlib_version b/lib/libc/shlib_version
index 59ded4be242..05b2c1e70b5 100644
--- a/lib/libc/shlib_version
+++ b/lib/libc/shlib_version
@@ -1,2 +1,2 @@
 major=28
-minor=8 # note: remember to update minor in ../libc_r/shlib_version
+minor=9 # note: remember to update minor in ../libc_r/shlib_version
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc
index 90862148b46..26ac85b48ff 100644
--- a/lib/libc/sys/Makefile.inc
+++ b/lib/libc/sys/Makefile.inc
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.inc,v 1.61 2002/11/10 03:21:02 fgsch Exp $
+#	$OpenBSD: Makefile.inc,v 1.62 2002/12/02 09:00:14 miod Exp $
 #	$NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $
 #	@(#)Makefile.inc	8.1 (Berkeley) 6/17/93
 
@@ -25,6 +25,9 @@ SRCS+=	ftruncate.c lseek.c mmap.c ptrace.c semctl.c truncate.c \
 	timer_create.c timer_delete.c timer_getoverrun.c timer_gettime.c \
 	timer_settime.c pread.c preadv.c pwrite.c pwritev.c
 
+# stack protector helper functions
+SRCS+=	stack_protector.c
+
 # modules with default implementations on all architectures:
 ASM=	accept.o access.o acct.o adjtime.o bind.o chdir.o chflags.o chmod.o \
 	chown.o chroot.o clock_gettime.o clock_settime.o clock_getres.o \
diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/sys/stack_protector.c
new file mode 100644
index 00000000000..a51fe1e463f
--- /dev/null
+++ b/lib/libc/sys/stack_protector.c
@@ -0,0 +1,87 @@
+/*	$OpenBSD: stack_protector.c,v 1.1 2002/12/02 09:00:15 miod Exp $	*/
+
+/*
+ * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#if defined(LIBC_SCCS) && !defined(list)
+static char rcsid[] = "$OpenBSD: stack_protector.c,v 1.1 2002/12/02 09:00:15 miod Exp $";
+#endif
+
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <syslog.h>
+
+long __guard[8] = {0,0,0,0,0,0,0,0};
+static void __guard_setup(void) __attribute__ ((constructor));
+void __stack_smash_handler(char func[], int damaged __attribute__((unused)));
+
+static void
+__guard_setup(void)
+{
+	int i, mib[2];
+	size_t len;
+
+	if (__guard[0] != 0)
+		return;
+
+	mib[0] = CTL_KERN;
+	mib[1] = KERN_ARND;
+
+	len = 4;
+	for (i = 0; i < sizeof(__guard) / 4; i++) {
+		if (sysctl(mib, 2, (char*)&((int*)__guard)[i],
+		    &len, NULL, 0) == -1)
+			break;
+	}
+
+	if (i < sizeof(__guard) / 4) {
+		/* If sysctl was unsuccessful, use the "terminator canary". */
+		((char*)__guard)[0] = 0; ((char*)__guard)[1] = 0;
+		((char*)__guard)[2] = '\n'; ((char*)__guard)[3] = 255;
+	}
+}
+
+void
+__stack_smash_handler(char func[], int damaged)
+{
+	struct syslog_data sdata = SYSLOG_DATA_INIT;
+	const char message[] = "stack overflow in function %s";
+	struct sigaction sa;
+
+	/* this may fail on a chroot jail, though luck */
+	syslog_r(LOG_CRIT, &sdata, message, func);
+
+	bzero(sa, sizeof(struct sigaction));
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;
+	sa.sa_handler = SIG_DFL;
+	sigaction(SIGABRT, &sa, NULL);
+
+	kill(getpid(), SIGABRT);
+
+	_exit(127);
+}