[apple/libc.git] / sys / OpenBSD / stack_protector.c

/*	$OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $	*/

/*
 * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/param.h>
#include <signal.h>
#include <string.h>
#include <stdlib.h>
#include <asl.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "CrashReporterClient.h"
#include "libproc.h"
#include "_simple.h"

#define	GUARD_MAX 8
long __stack_chk_guard[GUARD_MAX] = {0, 0, 0, 0, 0, 0, 0, 0};
void __abort(void) __dead2;
void __guard_setup(const char *apple[]) __attribute__ ((visibility ("hidden")));
void __stack_chk_fail(void);

static void
__guard_from_kernel(const char *str)
{
	unsigned long long val;
	char tmp[20], *p;
	int idx = 0;

	/* Skip over the 'stack_guard=' key to the list of values */
	str = strchr(str, '=');
	if (str == NULL)
		return;
	str++;

	while (str && idx < GUARD_MAX) {
		/*
		 * Pull the next numeric string out of the list and convert it to
		 * a real number.
		 */
		strlcpy(tmp, str, 20);
		p = strchr(tmp, ',');
		if (p)
			*p = '\0';
		val = strtoull(tmp, NULL, 0);
		__stack_chk_guard[idx] = (long)(val & ((unsigned long) -1));
		idx++;
		if ((str = strchr(str, ',')) != NULL)
			str++;
	}
}

void
__guard_setup(const char *apple[])
{
	int fd;
	size_t len;
	const char **p;

	if (__stack_chk_guard[0] != 0)
		return;

	for (p = apple; p && *p; p++) {
		if (strstr(*p, "stack_guard") == *p) {
			__guard_from_kernel(*p);
			bzero((void*)*p, strlen(*p));
			if (__stack_chk_guard[0] != 0) {
				return;
			}
		}
	}

	fd = open ("/dev/urandom", 0);
	if (fd != -1) {
		len = read (fd, (char*)&__stack_chk_guard, sizeof(__stack_chk_guard));
		close(fd);
		if (len == sizeof(__stack_chk_guard) && 
                    *__stack_chk_guard != 0)
			return;
	}

	/* If If a random generator can't be used, the protector switches the guard
           to the "terminator canary" */
	((unsigned char *)__stack_chk_guard)[0] = 0;
	((unsigned char *)__stack_chk_guard)[1] = 0;
	((unsigned char *)__stack_chk_guard)[2] = '\n';
	((unsigned char *)__stack_chk_guard)[3] = 255;
}

#define STACKOVERFLOW	"] stack overflow"

void
__stack_chk_fail()
{
	char n[16]; // bigger than will hold the digits in a pid_t
	char *np;
	int pid = getpid();
	char message[sizeof(n) + sizeof(STACKOVERFLOW)] = "[";
	char prog[2*MAXCOMLEN+1] = {0};

	proc_name(pid, prog, 2*MAXCOMLEN);
	prog[2*MAXCOMLEN] = 0;
	np = n + sizeof(n);
	*--np = 0;
	while(pid > 0) {
	    *--np = (pid % 10) + '0';
	    pid /= 10;
	}
	strlcat(message, np, sizeof(message));
	strlcat(message, STACKOVERFLOW, sizeof(message));
	/* This may fail on a chroot jail... */
	_simple_asl_log_prog(ASL_LEVEL_CRIT, "user", message, prog);

	CRSetCrashLogMessage(message);
	__abort();
}
Commit	Line	Data
1f2f436a A	1	/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */
1f2f436a A	2
eb1cde05 A	3	/*
	4	* Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	*
	16	* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
	17	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	19	* DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
	20	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	22	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	23	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	24	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
	25	* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	26	* POSSIBILITY OF SUCH DAMAGE.
	27	*
	28	*/
	29
eb1cde05	30	#include <sys/param.h>
1f2f436a A	31	#include <signal.h>
1f2f436a A	32	#include <string.h>
ad3c9f2a A	33	#include <stdlib.h>
ad3c9f2a A	34	#include <asl.h>
1f2f436a	35	#include <unistd.h>
ad3c9f2a A	36	#include <sys/types.h>
	37	#include <fcntl.h>
	38	#include "CrashReporterClient.h"
	39	#include "libproc.h"
	40	#include "_simple.h"
1f2f436a	41
ad3c9f2a A	42	#define GUARD_MAX 8
	43	long __stack_chk_guard[GUARD_MAX] = {0, 0, 0, 0, 0, 0, 0, 0};
	44	void __abort(void) __dead2;
	45	void __guard_setup(const char *apple[]) __attribute__ ((visibility ("hidden")));
	46	void __stack_chk_fail(void);
eb1cde05 A	47
eb1cde05 A	48	static void
ad3c9f2a	49	__guard_from_kernel(const char *str)
eb1cde05	50	{
ad3c9f2a A	51	unsigned long long val;
	52	char tmp[20], *p;
	53	int idx = 0;
1f2f436a	54
ad3c9f2a A	55	/* Skip over the 'stack_guard=' key to the list of values */
	56	str = strchr(str, '=');
	57	if (str == NULL)
1f2f436a	58	return;
ad3c9f2a	59	str++;
1f2f436a	60
ad3c9f2a A	61	while (str && idx < GUARD_MAX) {
	62	/*
	63	* Pull the next numeric string out of the list and convert it to
	64	* a real number.
	65	*/
	66	strlcpy(tmp, str, 20);
	67	p = strchr(tmp, ',');
	68	if (p)
	69	*p = '\0';
	70	val = strtoull(tmp, NULL, 0);
	71	__stack_chk_guard[idx] = (long)(val & ((unsigned long) -1));
	72	idx++;
	73	if ((str = strchr(str, ',')) != NULL)
	74	str++;
1f2f436a	75	}
eb1cde05 A	76	}
	77
	78	void
ad3c9f2a	79	__guard_setup(const char *apple[])
eb1cde05	80	{
ad3c9f2a A	81	int fd;
	82	size_t len;
	83	const char **p;
1f2f436a	84
ad3c9f2a A	85	if (__stack_chk_guard[0] != 0)
ad3c9f2a A	86	return;
eb1cde05	87
ad3c9f2a A	88	for (p = apple; p && *p; p++) {
	89	if (strstr(p, "stack_guard") == p) {
	90	__guard_from_kernel(*p);
6465356a A	91	bzero((void)p, strlen(*p));
6465356a A	92	if (__stack_chk_guard[0] != 0) {
ad3c9f2a	93	return;
6465356a	94	}
ad3c9f2a A	95	}
	96	}
	97
	98	fd = open ("/dev/urandom", 0);
	99	if (fd != -1) {
	100	len = read (fd, (char*)&__stack_chk_guard, sizeof(__stack_chk_guard));
	101	close(fd);
	102	if (len == sizeof(__stack_chk_guard) &&
	103	*__stack_chk_guard != 0)
	104	return;
	105	}
	106
	107	/* If If a random generator can't be used, the protector switches the guard
	108	to the "terminator canary" */
	109	((unsigned char *)__stack_chk_guard)[0] = 0;
	110	((unsigned char *)__stack_chk_guard)[1] = 0;
	111	((unsigned char *)__stack_chk_guard)[2] = '\n';
	112	((unsigned char *)__stack_chk_guard)[3] = 255;
	113	}
	114
	115	#define STACKOVERFLOW "] stack overflow"
eb1cde05	116
ad3c9f2a A	117	void
	118	__stack_chk_fail()
	119	{
	120	char n[16]; // bigger than will hold the digits in a pid_t
	121	char *np;
	122	int pid = getpid();
	123	char message[sizeof(n) + sizeof(STACKOVERFLOW)] = "[";
	124	char prog[2*MAXCOMLEN+1] = {0};
eb1cde05	125
ad3c9f2a A	126	proc_name(pid, prog, 2*MAXCOMLEN);
	127	prog[2*MAXCOMLEN] = 0;
	128	np = n + sizeof(n);
	129	*--np = 0;
	130	while(pid > 0) {
	131	*--np = (pid % 10) + '0';
	132	pid /= 10;
	133	}
	134	strlcat(message, np, sizeof(message));
	135	strlcat(message, STACKOVERFLOW, sizeof(message));
	136	/* This may fail on a chroot jail... */
	137	_simple_asl_log_prog(ASL_LEVEL_CRIT, "user", message, prog);
eb1cde05	138
ad3c9f2a A	139	CRSetCrashLogMessage(message);
ad3c9f2a A	140	__abort();
eb1cde05	141	}