/[vps]/dietlibc/patches/0.30_pre20060501-r1/60_all_ssp.patch
Gentoo

Contents of /dietlibc/patches/0.30_pre20060501-r1/60_all_ssp.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 352 - (show annotations) (download)
Tue May 2 15:11:48 2006 UTC (8 years, 4 months ago) by phreak
File size: 6360 byte(s)
Starting -r1 patch series for the cvs snapshot, that should fix my diet.ld.conf "bug"
1 Index: dietlibc-0.30_pre20060501/i386/start.S
2 ===================================================================
3 --- dietlibc-0.30_pre20060501.orig/i386/start.S
4 +++ dietlibc-0.30_pre20060501/i386/start.S
5 @@ -50,7 +50,9 @@ _start:
6 PUT_VAR %edi, __vsyscall, %edx
7 1:
8 #endif
9 -
10 +#ifdef __dietlibc__
11 + call __guard_setup
12 +#endif
13 #ifdef WANT_DYNAMIC
14 call _dyn_start
15 #else
16 Index: dietlibc-0.30_pre20060501/lib/ssp.c
17 ===================================================================
18 --- /dev/null
19 +++ dietlibc-0.30_pre20060501/lib/ssp.c
20 @@ -0,0 +1,129 @@
21 +/*
22 + * Distributed under the terms of the GNU General Public License v2
23 + * $Header: /var/cvsroot/gentoo-x86/dev-libs/dietlibc/files/ssp.c,v 1.2 2004/12/05 19:25:40 solar Exp $
24 + *
25 + * This is a modified version of Hiroaki Etoh's stack smashing routines
26 + * implemented for glibc.
27 + *
28 + * The following people have contributed input to this code.
29 + * Ned Ludd - <solar[@]gentoo.org>
30 + * Alexander Gabert - <pappy[@]gentoo.org>
31 + * The PaX Team - <pageexec[@]freemail.hu>
32 + * Peter S. Mazinger - <ps.m[@]gmx.net>
33 + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
34 + * Robert Connolly - <robert[@]linuxfromscratch.org>
35 + * Cory Visi <cory@visi.name>
36 + *
37 + */
38 +
39 +#ifdef HAVE_CONFIG_H
40 +# include <config.h>
41 +#endif
42 +
43 +#include <stdio.h>
44 +#include <string.h>
45 +#include <fcntl.h>
46 +#include <unistd.h>
47 +#include <signal.h>
48 +#include <sys/types.h>
49 +#include <sys/socket.h>
50 +#include <sys/un.h>
51 +#include <sys/time.h>
52 +
53 +#ifdef __PROPOLICE_BLOCK_SEGV__
54 +#define SSP_SIGTYPE SIGSEGV
55 +#elif __PROPOLICE_BLOCK_KILL__
56 +#define SSP_SIGTYPE SIGKILL
57 +#else
58 +#define SSP_SIGTYPE SIGABRT
59 +#endif
60 +
61 +unsigned long __guard = 0UL;
62 +
63 +void
64 +__guard_setup (void)
65 +{
66 + size_t size;
67 + if (__guard != 0UL)
68 + return;
69 +
70 +#ifndef __SSP_QUICK_CANARY__
71 + /*
72 + * Attempt to open kernel pseudo random device if one exists before
73 + * opening urandom to avoid system entropy depletion.
74 + */
75 + {
76 + int fd;
77 +#ifdef HAVE_DEV_ERANDOM
78 + if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1))
79 +#endif
80 + fd = open ("/dev/urandom", O_RDONLY);
81 + if (fd != (-1))
82 + {
83 + size = read (fd, (char *) &__guard, sizeof (__guard));
84 + close (fd);
85 + if (size == sizeof (__guard))
86 + return;
87 + }
88 + }
89 +#endif
90 +
91 + /* If sysctl was unsuccessful, use the "terminator canary". */
92 + __guard = 0xFF0A0D00UL;
93 +
94 + {
95 + /* Everything failed? Or we are using a weakened model of the
96 + * terminator canary */
97 + struct timeval tv;
98 +
99 + gettimeofday (&tv, NULL);
100 + __guard ^= tv.tv_usec ^ tv.tv_sec;
101 + }
102 +}
103 +
104 +void
105 +__stack_smash_handler (char func[], int damaged)
106 +{
107 + struct sigaction sa;
108 + const char message[] = ": stack smashing attack in function ";
109 + int bufsz, len;
110 + char buf[512];
111 + static char *__progname = "dietapp";
112 +
113 + sigset_t mask;
114 + sigfillset (&mask);
115 +
116 + sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */
117 + sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */
118 +
119 + bufsz = sizeof (buf);
120 + strcpy (buf, "<2>");
121 + len = 3;
122 +
123 + strncat (buf, __progname, sizeof (buf) - 4);
124 + len = strlen (buf);
125 +
126 + if (bufsz > len)
127 + {
128 + strncat (buf, message, bufsz - len - 1);
129 + len = strlen (buf);
130 + }
131 + if (bufsz > len)
132 + {
133 + strncat (buf, func, bufsz - len - 1);
134 + len = strlen (buf);
135 + }
136 +
137 + /* print error message */
138 + write (STDERR_FILENO, buf + 3, len - 3);
139 + write (STDERR_FILENO, "()\n", 3);
140 +
141 + /* Make sure the default handler is associated with the our signal handler */
142 + memset (&sa, 0, sizeof (struct sigaction));
143 + sigfillset (&sa.sa_mask); /* Block all signals */
144 + sa.sa_flags = 0;
145 + sa.sa_handler = SIG_DFL;
146 + sigaction (SSP_SIGTYPE, &sa, NULL);
147 + (void) kill (getpid (), SSP_SIGTYPE);
148 + _exit (127);
149 +}
150 Index: dietlibc-0.30_pre20060501/sparc/start.S
151 ===================================================================
152 --- dietlibc-0.30_pre20060501.orig/sparc/start.S
153 +++ dietlibc-0.30_pre20060501/sparc/start.S
154 @@ -31,6 +31,9 @@ _start:
155 be NULL. */
156
157 /* Let libc do the rest of the initialization, and call main. */
158 +#if 0 /* FIXME: __dietlibc__ */
159 + call __guard_setup
160 +#endif
161 #ifdef WANT_DYNAMIC
162 call _dyn_start
163 #else
164 Index: dietlibc-0.30_pre20060501/sparc64/start.S
165 ===================================================================
166 --- dietlibc-0.30_pre20060501.orig/sparc64/start.S
167 +++ dietlibc-0.30_pre20060501/sparc64/start.S
168 @@ -31,6 +31,9 @@ _start:
169 be NULL. */
170
171 /* Let libc do the rest of the initialization, and call main. */
172 +#if 0 /* FIXME: __dietlibc__ */
173 + call __guard_setup
174 +#endif
175 #ifdef WANT_DYNAMIC
176 call _dyn_start
177 #else
178 Index: dietlibc-0.30_pre20060501/x86_64/start.S
179 ===================================================================
180 --- dietlibc-0.30_pre20060501.orig/x86_64/start.S
181 +++ dietlibc-0.30_pre20060501/x86_64/start.S
182 @@ -35,6 +35,10 @@ _start:
183 popq %rdi
184 #endif
185
186 +#if 0 /* FIXME: __dietlibc__ */
187 + call __guard_setup
188 +#endif
189 +
190 #ifdef WANT_DYNAMIC
191 call _dyn_start
192 #else
193 Index: dietlibc-0.30_pre20060501/lib/stack_smash_handler2.c
194 ===================================================================
195 --- dietlibc-0.30_pre20060501.orig/lib/stack_smash_handler2.c
196 +++ /dev/null
197 @@ -1,12 +0,0 @@
198 -#include <unistd.h>
199 -#include <write12.h>
200 -
201 -void __stack_chk_fail(void);
202 -
203 -/* earlier versions of ProPolice actually gave the address and function
204 - * name as arguments to the handler, so it could print some useful
205 - * diagnostics. No more. :-( */
206 -void __stack_chk_fail(void) {
207 - __write2("smashed stack detected, program terminated.\n");
208 - _exit(127);
209 -}
210 Index: dietlibc-0.30_pre20060501/lib/stack_smash_handler.c
211 ===================================================================
212 --- dietlibc-0.30_pre20060501.orig/lib/stack_smash_handler.c
213 +++ /dev/null
214 @@ -1,25 +0,0 @@
215 -#include <write12.h>
216 -#include <unistd.h>
217 -
218 -/* this is only used with ProPolice in gcc 3.x */
219 -
220 -void __stack_smash_handler(char* func,unsigned int damaged);
221 -void __stack_smash_handler(char* func,unsigned int damaged) {
222 - char buf[sizeof(char*)*2+1];
223 - int i;
224 - for (i=0; i<(int)sizeof(buf)-1; ++i) {
225 - char c=damaged&0xf;
226 - c+=c<10?'0':'a';
227 - buf[sizeof(buf)-2-i]=c;
228 - damaged>>=4;
229 - }
230 - buf[sizeof(buf)-1]=0;
231 - __write2("stack smashed in ");
232 - __write2(func);
233 - __write2(" (value 0x");
234 - __write2(buf);
235 - __write2(")\n");
236 - _exit(127);
237 -}
238 -
239 -

  ViewVC Help
Powered by ViewVC 1.1.20