From 731e8ffdcf6877c04092aa9fbd2b17907b8846c7 Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Sat, 25 Aug 2012 17:24:46 -0400
Subject: ensure canary is setup if stack-prot libs are dlopen'd into non-ssp app

previously, this usage could lead to a crash if the thread pointer was still uninitialized, and otherwise would just cause the canary to be zero (less secure).
---
 src/env/__stack_chk_fail.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/env')

diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c
index c6d0feb9..eac852b7 100644
--- a/src/env/__stack_chk_fail.c
+++ b/src/env/__stack_chk_fail.c
@@ -14,7 +14,8 @@ void __init_ssp(size_t *auxv)
 for (i=0; auxv[i] && auxv[i]!=AT_RANDOM; i+=2);
 if (auxv[i]) memcpy(&canary, (void *)auxv[i+1], sizeof canary);
 else canary = (uintptr_t)&canary * 1103515245;
- __stack_chk_guard = self->canary = canary;
+ a_cas_l(&__stack_chk_guard, 0, canary);
+ self->canary = __stack_chk_guard;
 }

 void __stack_chk_fail(void)
--
cgit v1.2.1
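Review bot: The added `a_cas_l(&__stack_chk_guard, 0, canary);` relies on 0 meaning "guard not yet installed" and on the first caller winning, but nothing in the hunk states that invariant; a comment such as `/* install the canary only while the guard is still 0, so a later call never changes a guard that live frames were built with */` would make it explicit. The next line, `self->canary = __stack_chk_guard;`, updates only the calling thread, so if __init_ssp can run after other threads exist (the dlopen case in the description suggests it might), their per-thread canary presumably keeps its old value; that is worth confirming and noting in the same comment. The unchanged fallback `(uintptr_t)&canary * 1103515245` derives the canary from a stack address alone when AT_RANDOM is absent, which is weak entropy and deserves a one-line remark for maintainers. __init_ssp begins outside the hunk.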