summaryrefslogtreecommitdiff
path: root/src/env
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2015-05-06 18:37:19 -0400
committerRich Felker <dalias@aerifal.cx>2015-05-06 18:37:19 -0400
commit484194dbf41758eec0ef62fef5fe9350c21b9241 (patch)
treed0b407880ba1c62f9fd3b551c6e9a9e745bd8cdd /src/env
parentd0040e239e8d3048a7fb38f0bacaad4838fac605 (diff)
downloadmusl-484194dbf41758eec0ef62fef5fe9350c21b9241.tar.gz
fix stack protector crashes on x32 & powerpc due to misplaced TLS canary
i386, x86_64, x32, and powerpc all use TLS for stack protector canary values in the default stack protector ABI, but the location only matched the ABI on i386 and x86_64. on x32, the expected location for the canary contained the tid, thus producing spurious mismatches (resulting in process termination) upon fork. on powerpc, the expected location contained the stdio_locks list head, so returning from a function after calling flockfile produced spurious mismatches. in both cases, the random canary was not present, and a predictable value was used instead, making the stack protector hardening much less effective than it should be. in the current fix, the thread structure has been expanded to have canary fields at all three possible locations, and archs that use a non-default location must define a macro in pthread_arch.h to choose which location is used. for most archs (which lack TLS canary ABI) the choice does not matter.
Diffstat (limited to 'src/env')
-rw-r--r--src/env/__stack_chk_fail.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c
index 1b6a9f82..47784c62 100644
--- a/src/env/__stack_chk_fail.c
+++ b/src/env/__stack_chk_fail.c
@@ -9,7 +9,7 @@ void __init_ssp(void *entropy)
if (entropy) memcpy(&__stack_chk_guard, entropy, sizeof(uintptr_t));
else __stack_chk_guard = (uintptr_t)&__stack_chk_guard * 1103515245;
- __pthread_self()->canary = __stack_chk_guard;
+ __pthread_self()->CANARY = __stack_chk_guard;
}
void __stack_chk_fail(void)