sys/OpenBSD/stack_protector.c.patch

   1 --- stack_protector.c.orig      2010-10-07 09:55:01.000000000 -0700
   2 +++ stack_protector.c   2010-10-07 09:55:30.000000000 -0700
   3 @@ -28,65 +28,112 @@
   4   */
   5
   6  #include <sys/param.h>
   7 -#include <sys/sysctl.h>
   8  #include <signal.h>
   9  #include <string.h>
  10 -#include <syslog.h>
  11 +#include <stdlib.h>
  12 +#include <asl.h>
  13  #include <unistd.h>
  14 +#include <sys/types.h>
  15 +#include <fcntl.h>
  16 +#include "CrashReporterClient.h"
  17 +#include "libproc.h"
  18 +#include "_simple.h"
  19 +
  20 +#define        GUARD_MAX 8
  21 +long __stack_chk_guard[GUARD_MAX] = {0, 0, 0, 0, 0, 0, 0, 0};
  22 +void __abort(void) __dead2;
  23 +void __guard_setup(const char *apple[]) __attribute__ ((visibility ("hidden")));
  24 +void __stack_chk_fail(void);
  25
  26 -extern int __sysctl(int *, u_int, void *, size_t *, void *, size_t);
  27 +static void
  28 +__guard_from_kernel(const char *str)
  29 +{
  30 +       unsigned long long val;
  31 +       char tmp[20], *p;
  32 +       int idx = 0;
  33 +
  34 +       /* Skip over the 'stack_guard=' key to the list of values */
  35 +       str = strchr(str, '=');
  36 +       if (str == NULL)
  37 +               return;
  38 +       str++;
  39
  40 -long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  41 -static void __guard_setup(void) __attribute__ ((constructor));
  42 -void __stack_smash_handler(char func[], int damaged __attribute__((unused)));
  43 +       while (str && idx < GUARD_MAX) {
  44 +               /*
  45 +                * Pull the next numeric string out of the list and convert it to
  46 +                * a real number.
  47 +                */
  48 +               strlcpy(tmp, str, 20);
  49 +               p = strchr(tmp, ',');
  50 +               if (p)
  51 +                       *p = '\0';
  52 +               val = strtoull(tmp, NULL, 0);
  53 +               __stack_chk_guard[idx] = (long)(val & ((unsigned long) -1));
  54 +               idx++;
  55 +               if ((str = strchr(str, ',')) != NULL)
  56 +                       str++;
  57 +       }
  58 +}
  59
  60 -static void
  61 -__guard_setup(void)
  62 +void
  63 +__guard_setup(const char *apple[])
  64  {
  65 -       int mib[2];
  66 +       int fd;
  67         size_t len;
  68 +       const char **p;
  69
  70 -       if (__guard[0] != 0)
  71 +       if (__stack_chk_guard[0] != 0)
  72                 return;
  73
  74 -       mib[0] = CTL_KERN;
  75 -       mib[1] = KERN_ARND;
  76 +       for (p = apple; p && *p; p++) {
  77 +               if (strstr(*p, "stack_guard") == *p) {
  78 +                       __guard_from_kernel(*p);
  79 +                       if (__stack_chk_guard[0] != 0)
  80 +                               return;
  81 +               }
  82 +       }
  83
  84 -       len = sizeof(__guard);
  85 -       if (__sysctl(mib, 2, __guard, &len, NULL, 0) == -1 ||
  86 -           len != sizeof(__guard)) {
  87 -               /* If sysctl was unsuccessful, use the "terminator canary". */
  88 -               ((unsigned char *)__guard)[0] = 0;
  89 -               ((unsigned char *)__guard)[1] = 0;
  90 -               ((unsigned char *)__guard)[2] = '\n';
  91 -               ((unsigned char *)__guard)[3] = 255;
  92 +       fd = open ("/dev/urandom", 0);
  93 +       if (fd != -1) {
  94 +               len = read (fd, (char*)&__stack_chk_guard, sizeof(__stack_chk_guard));
  95 +               close(fd);
  96 +               if (len == sizeof(__stack_chk_guard) &&
  97 +                    *__stack_chk_guard != 0)
  98 +                       return;
  99         }
 100 +
 101 +       /* If If a random generator can't be used, the protector switches the guard
 102 +           to the "terminator canary" */
 103 +       ((unsigned char *)__stack_chk_guard)[0] = 0;
 104 +       ((unsigned char *)__stack_chk_guard)[1] = 0;
 105 +       ((unsigned char *)__stack_chk_guard)[2] = '\n';
 106 +       ((unsigned char *)__stack_chk_guard)[3] = 255;
 107  }
 108
 109 -/*ARGSUSED*/
 110 +#define STACKOVERFLOW  "] stack overflow"
 111 +
 112  void
 113 -__stack_smash_handler(char func[], int damaged)
 114 +__stack_chk_fail()
 115  {
 116 -       struct syslog_data sdata = SYSLOG_DATA_INIT;
 117 -       const char message[] = "stack overflow in function %s";
 118 -       struct sigaction sa;
 119 -       sigset_t mask;
 120 -
 121 -       /* Immediately block all signal handlers from running code */
 122 -       sigfillset(&mask);
 123 -       sigdelset(&mask, SIGABRT);
 124 -       sigprocmask(SIG_BLOCK, &mask, NULL);
 125 -
 126 +       char n[16]; // bigger than will hold the digits in a pid_t
 127 +       char *np;
 128 +       int pid = getpid();
 129 +       char message[sizeof(n) + sizeof(STACKOVERFLOW)] = "[";
 130 +       char prog[2*MAXCOMLEN+1] = {0};
 131 +
 132 +       proc_name(pid, prog, 2*MAXCOMLEN);
 133 +       prog[2*MAXCOMLEN] = 0;
 134 +       np = n + sizeof(n);
 135 +       *--np = 0;
 136 +       while(pid > 0) {
 137 +           *--np = (pid % 10) + '0';
 138 +           pid /= 10;
 139 +       }
 140 +       strlcat(message, np, sizeof(message));
 141 +       strlcat(message, STACKOVERFLOW, sizeof(message));
 142         /* This may fail on a chroot jail... */
 143 -       syslog_r(LOG_CRIT, &sdata, message, func);
 144 -
 145 -       bzero(&sa, sizeof(struct sigaction));
 146 -       sigemptyset(&sa.sa_mask);
 147 -       sa.sa_flags = 0;
 148 -       sa.sa_handler = SIG_DFL;
 149 -       sigaction(SIGABRT, &sa, NULL);
 150 -
 151 -       kill(getpid(), SIGABRT);
 152 +       _simple_asl_log_prog(ASL_LEVEL_CRIT, "user", message, prog);
 153
 154 -       _exit(127);
 155 +       CRSetCrashLogMessage(message);
 156 +       __abort();
 157  }