diff options
| author | Rich Felker <dalias@aerifal.cx> | 2012-08-25 17:24:46 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2012-08-25 17:24:46 -0400 |
| commit | 731e8ffdcf6877c04092aa9fbd2b17907b8846c7 (patch) | |
| tree | 0212e1ff8516eceab38bd1552322bee7dd11841c /src | |
| parent | 2bd05a4fc26c297754f7ee5745a1c3b072a44b7d (diff) | |
| download | musl-731e8ffdcf6877c04092aa9fbd2b17907b8846c7.tar.gz | |
ensure canary is setup if stack-prot libs are dlopen'd into non-ssp app
previously, this usage could lead to a crash if the thread pointer was
still uninitialized, and otherwise would just cause the canary to be
zero (less secure).
Diffstat (limited to 'src')
| -rw-r--r-- | src/env/__stack_chk_fail.c | 3 | ||||
| -rw-r--r-- | src/ldso/dynlink.c | 5 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c index c6d0feb9..eac852b7 100644 --- a/src/env/__stack_chk_fail.c +++ b/src/env/__stack_chk_fail.c @@ -14,7 +14,8 @@ void __init_ssp(size_t *auxv) for (i=0; auxv[i] && auxv[i]!=AT_RANDOM; i+=2); if (auxv[i]) memcpy(&canary, (void *)auxv[i+1], sizeof canary); else canary = (uintptr_t)&canary * 1103515245; - __stack_chk_guard = self->canary = canary; + a_cas_l(&__stack_chk_guard, 0, canary); + self->canary = __stack_chk_guard; } void __stack_chk_fail(void) diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c index d7d68002..6ffda49c 100644 --- a/src/ldso/dynlink.c +++ b/src/ldso/dynlink.c @@ -81,6 +81,7 @@ static int ldso_fail; static jmp_buf rtld_fail; static pthread_rwlock_t lock; static struct debug debug; +static size_t *auxv; struct debug *_dl_debug_addr = &debug; @@ -603,7 +604,7 @@ void _dl_debug_state(void) void *__dynlink(int argc, char **argv) { - size_t *auxv, aux[AUX_CNT] = {0}; + size_t aux[AUX_CNT] = {0}; size_t i; Phdr *phdr; Ehdr *ehdr; @@ -838,6 +839,8 @@ void *dlopen(const char *file, int mode) p->global = 1; } + if (ssp_used) __init_ssp(auxv); + _dl_debug_state(); do_init_fini(tail); |