]> git.saurik.com Git - apple/libc.git/blame - sys/OpenBSD/stack_protector.c
Libc-997.90.3.tar.gz
[apple/libc.git] / sys / OpenBSD / stack_protector.c
CommitLineData
1f2f436a
A
1/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */
2
eb1cde05
A
3/*
4 * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 *
28 */
29
eb1cde05 30#include <sys/param.h>
1f2f436a
A
31#include <signal.h>
32#include <string.h>
ad3c9f2a
A
33#include <stdlib.h>
34#include <asl.h>
1f2f436a 35#include <unistd.h>
ad3c9f2a
A
36#include <sys/types.h>
37#include <fcntl.h>
38#include "CrashReporterClient.h"
39#include "libproc.h"
40#include "_simple.h"
1f2f436a 41
ad3c9f2a
A
42#define GUARD_MAX 8
43long __stack_chk_guard[GUARD_MAX] = {0, 0, 0, 0, 0, 0, 0, 0};
44void __abort(void) __dead2;
45void __guard_setup(const char *apple[]) __attribute__ ((visibility ("hidden")));
46void __stack_chk_fail(void);
eb1cde05
A
47
48static void
ad3c9f2a 49__guard_from_kernel(const char *str)
eb1cde05 50{
ad3c9f2a
A
51 unsigned long long val;
52 char tmp[20], *p;
53 int idx = 0;
1f2f436a 54
ad3c9f2a
A
55 /* Skip over the 'stack_guard=' key to the list of values */
56 str = strchr(str, '=');
57 if (str == NULL)
1f2f436a 58 return;
ad3c9f2a 59 str++;
1f2f436a 60
ad3c9f2a
A
61 while (str && idx < GUARD_MAX) {
62 /*
63 * Pull the next numeric string out of the list and convert it to
64 * a real number.
65 */
66 strlcpy(tmp, str, 20);
67 p = strchr(tmp, ',');
68 if (p)
69 *p = '\0';
70 val = strtoull(tmp, NULL, 0);
71 __stack_chk_guard[idx] = (long)(val & ((unsigned long) -1));
72 idx++;
73 if ((str = strchr(str, ',')) != NULL)
74 str++;
1f2f436a 75 }
eb1cde05
A
76}
77
78void
ad3c9f2a 79__guard_setup(const char *apple[])
eb1cde05 80{
ad3c9f2a
A
81 int fd;
82 size_t len;
83 const char **p;
1f2f436a 84
ad3c9f2a
A
85 if (__stack_chk_guard[0] != 0)
86 return;
eb1cde05 87
ad3c9f2a
A
88 for (p = apple; p && *p; p++) {
89 if (strstr(*p, "stack_guard") == *p) {
90 __guard_from_kernel(*p);
6465356a
A
91 bzero((void*)*p, strlen(*p));
92 if (__stack_chk_guard[0] != 0) {
ad3c9f2a 93 return;
6465356a 94 }
ad3c9f2a
A
95 }
96 }
97
98 fd = open ("/dev/urandom", 0);
99 if (fd != -1) {
100 len = read (fd, (char*)&__stack_chk_guard, sizeof(__stack_chk_guard));
101 close(fd);
102 if (len == sizeof(__stack_chk_guard) &&
103 *__stack_chk_guard != 0)
104 return;
105 }
106
107 /* If If a random generator can't be used, the protector switches the guard
108 to the "terminator canary" */
109 ((unsigned char *)__stack_chk_guard)[0] = 0;
110 ((unsigned char *)__stack_chk_guard)[1] = 0;
111 ((unsigned char *)__stack_chk_guard)[2] = '\n';
112 ((unsigned char *)__stack_chk_guard)[3] = 255;
113}
114
115#define STACKOVERFLOW "] stack overflow"
eb1cde05 116
ad3c9f2a
A
117void
118__stack_chk_fail()
119{
120 char n[16]; // bigger than will hold the digits in a pid_t
121 char *np;
122 int pid = getpid();
123 char message[sizeof(n) + sizeof(STACKOVERFLOW)] = "[";
124 char prog[2*MAXCOMLEN+1] = {0};
eb1cde05 125
ad3c9f2a
A
126 proc_name(pid, prog, 2*MAXCOMLEN);
127 prog[2*MAXCOMLEN] = 0;
128 np = n + sizeof(n);
129 *--np = 0;
130 while(pid > 0) {
131 *--np = (pid % 10) + '0';
132 pid /= 10;
133 }
134 strlcat(message, np, sizeof(message));
135 strlcat(message, STACKOVERFLOW, sizeof(message));
136 /* This may fail on a chroot jail... */
137 _simple_asl_log_prog(ASL_LEVEL_CRIT, "user", message, prog);
eb1cde05 138
ad3c9f2a
A
139 CRSetCrashLogMessage(message);
140 __abort();
eb1cde05 141}