ensure canary is setup if stack-prot libs are dlopen'd into non-ssp app

previously, this usage could lead to a crash if the thread pointer was still uninitialized, and otherwise would just cause the canary to be zero (less secure).

ensure canary is setup if stack-prot libs are dlopen'd into non-ssp app
previously, this usage could lead to a crash if the thread pointer was still uninitialized, and otherwise would just cause the canary to be zero (less secure).
731e8ffd · Rich Felker · 2bd05a4f · 731e8ffd · 731e8ffd
隐藏空白更改
内联并排

Showing with 6 addition and 2 deletion

src/env/__stack_chk_fail.c src/env/__stack_chk_fail.c +2 -1

src/ldso/dynlink.c src/ldso/dynlink.c +4 -1

未找到文件。
--- a/src/env/__stack_chk_fail.c
+++ b/src/env/__stack_chk_fail.c
@@ -14,7 +14,8 @@ void __init_ssp(size_t *auxv)
 	for (i=0; auxv[i] && auxv[i]!=AT_RANDOM; i+=2);
 	if (auxv[i]) memcpy(&canary, (void *)auxv[i+1], sizeof canary);
 	else canary = (uintptr_t)&canary * 1103515245;
-	__stack_chk_guard = self->canary = canary;
+	a_cas_l(&__stack_chk_guard, 0, canary);
+	self->canary = __stack_chk_guard;
 }
 void __stack_chk_fail(void)

--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -81,6 +81,7 @@ static int ldso_fail;
 static jmp_buf rtld_fail;
 static pthread_rwlock_t lock;
 static struct debug debug;
+static size_t *auxv;
 struct debug *_dl_debug_addr = &debug;
@@ -603,7 +604,7 @@ void _dl_debug_state(void)
 void *__dynlink(int argc, char **argv)
 {
-	size_t *auxv, aux[AUX_CNT] = {0};
+	size_t aux[AUX_CNT] = {0};
 	size_t i;
 	Phdr *phdr;
 	Ehdr *ehdr;
@@ -838,6 +839,8 @@ void *dlopen(const char *file, int mode)
 		p->global = 1;
 	}
+	if (ssp_used) __init_ssp(auxv);
 	_dl_debug_state();
 	do_init_fini(tail);