author | Benedikt Boehm <hollow@gentoo.org> | 2006-05-02 09:35:41 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2006-05-02 09:35:41 +0000 |
commit | dd2f75f7d8d5ed027e71408a9924128d6d8c9243 (patch) | |
tree | d849e0e8542f9bc6706a1152016e1292eebd5319 /dietlibc | |
parent | add missing prefix patch (diff) | |
dietlibc has own ssp
svn path=/; revision=348
Diffstat (limited to 'dietlibc')
-rw-r--r-- | dietlibc/patches/0.30_pre20060501-r0/05_all_want-stackgap.patch | 13 | ||||
-rw-r--r-- | dietlibc/patches/0.30_pre20060501-r0/60_all_ssp.patch | 239 | ||||
-rw-r--r-- | dietlibc/tools/ssp.c | 129 |
3 files changed, 13 insertions, 368 deletions
diff --git a/dietlibc/patches/0.30_pre20060501-r0/05_all_want-stackgap.patch b/dietlibc/patches/0.30_pre20060501-r0/05_all_want-stackgap.patch
new file mode 100644
index 0000000..4a94426
--- /dev/null
+++ b/dietlibc/patches/0.30_pre20060501-r0/05_all_want-stackgap.patch
@@ -0,0 +1,13 @@
+Index: dietlibc-0.30_pre20060501/dietfeatures.h
+===================================================================
+--- dietlibc-0.30_pre20060501.orig/dietfeatures.h
++++ dietlibc-0.30_pre20060501/dietfeatures.h
+@@ -99,7 +99,7 @@
+ /* WARNING: this appears to break with some binutils versions. Works
+ * for me with binutils 2.15. The symptom is an error message that
+ * `main' can not be found. */
+-/* #define WANT_STACKGAP */
++#define WANT_STACKGAP
+
+ /* Include support for ProPolice/SSP, calls guard_setup */
+ /* ProPolice is part of gcc 4.1 and up, there were patches for earlier
diff --git a/dietlibc/patches/0.30_pre20060501-r0/60_all_ssp.patch b/dietlibc/patches/0.30_pre20060501-r0/60_all_ssp.patch
deleted file mode 100644
index a43fdb1..0000000
--- a/dietlibc/patches/0.30_pre20060501-r0/60_all_ssp.patch
+++ /dev/null
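Review bot: In 05_all_want-stackgap.patch, `#define WANT_STACKGAP` is enabled unconditionally, directly beneath the upstream comment warning that it breaks with some binutils versions (symptom: `main' cannot be found), and the patch has no description saying why that is acceptable for every target. I would add a header line above `Index:`, for example `Enable the stack gap; see the binutils warning in dietfeatures.h, tested with binutils <VERSION>`, so a later link failure can be traced back to this switch. Separately, the same commit deletes 60_all_ssp.patch, which called `__guard_setup` from i386 start.S and seeded `__guard` from /dev/urandom. The context lines here show that an upstream ProPolice/SSP section follows, but not whether its option (presumably `WANT_SSP`) is actually defined, and that is worth confirming in the full dietfeatures.h, since the stack gap does not replace an initialised canary.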
@@ -1,239 +0,0 @@ -Index: dietlibc-0.30_pre20060501/i386/start.S -=================================================================== ---- dietlibc-0.30_pre20060501.orig/i386/start.S -+++ dietlibc-0.30_pre20060501/i386/start.S -@@ -50,7 +50,9 @@ _start: - PUT_VAR %edi, __vsyscall, %edx - 1: - #endif -- -+#ifdef __dietlibc__ -+ call __guard_setup -+#endif - #ifdef WANT_DYNAMIC - call _dyn_start - #else -Index: dietlibc-0.30_pre20060501/lib/ssp.c -=================================================================== ---- /dev/null -+++ dietlibc-0.30_pre20060501/lib/ssp.c -@@ -0,0 +1,129 @@ -+/* -+ * Distributed under the terms of the GNU General Public License v2 -+ * $Header: /var/cvsroot/gentoo-x86/dev-libs/dietlibc/files/ssp.c,v 1.2 2004/12/05 19:25:40 solar Exp $ -+ * -+ * This is a modified version of Hiroaki Etoh's stack smashing routines -+ * implemented for glibc. -+ * -+ * The following people have contributed input to this code. -+ * Ned Ludd - <solar[@]gentoo.org> -+ * Alexander Gabert - <pappy[@]gentoo.org> -+ * The PaX Team - <pageexec[@]freemail.hu> -+ * Peter S. Mazinger - <ps.m[@]gmx.net> -+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> -+ * Robert Connolly - <robert[@]linuxfromscratch.org> -+ * Cory Visi <cory@visi.name> -+ * -+ */ -+ -+#ifdef HAVE_CONFIG_H -+# include <config.h> -+#endif -+ -+#include <stdio.h> -+#include <string.h> -+#include <fcntl.h> -+#include <unistd.h> -+#include <signal.h> -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <sys/un.h> -+#include <sys/time.h> -+ -+#ifdef __PROPOLICE_BLOCK_SEGV__ -+#define SSP_SIGTYPE SIGSEGV -+#elif __PROPOLICE_BLOCK_KILL__ -+#define SSP_SIGTYPE SIGKILL -+#else -+#define SSP_SIGTYPE SIGABRT -+#endif -+ -+unsigned long __guard = 0UL; -+ -+void -+__guard_setup (void) -+{ -+ size_t size; -+ if (__guard != 0UL) -+ return; -+ -+#ifndef __SSP_QUICK_CANARY__ -+ /* -+ * Attempt to open kernel pseudo random device if one exists before -+ * opening urandom to avoid system entropy depletion. 
-+ */ -+ { -+ int fd; -+#ifdef HAVE_DEV_ERANDOM -+ if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1)) -+#endif -+ fd = open ("/dev/urandom", O_RDONLY); -+ if (fd != (-1)) -+ { -+ size = read (fd, (char *) &__guard, sizeof (__guard)); -+ close (fd); -+ if (size == sizeof (__guard)) -+ return; -+ } -+ } -+#endif -+ -+ /* If sysctl was unsuccessful, use the "terminator canary". */ -+ __guard = 0xFF0A0D00UL; -+ -+ { -+ /* Everything failed? Or we are using a weakened model of the -+ * terminator canary */ -+ struct timeval tv; -+ -+ gettimeofday (&tv, NULL); -+ __guard ^= tv.tv_usec ^ tv.tv_sec; -+ } -+} -+ -+void -+__stack_smash_handler (char func[], int damaged) -+{ -+ struct sigaction sa; -+ const char message[] = ": stack smashing attack in function "; -+ int bufsz, len; -+ char buf[512]; -+ static char *__progname = "dietapp"; -+ -+ sigset_t mask; -+ sigfillset (&mask); -+ -+ sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */ -+ sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */ -+ -+ bufsz = sizeof (buf); -+ strcpy (buf, "<2>"); -+ len = 3; -+ -+ strncat (buf, __progname, sizeof (buf) - 4); -+ len = strlen (buf); -+ -+ if (bufsz > len) -+ { -+ strncat (buf, message, bufsz - len - 1); -+ len = strlen (buf); -+ } -+ if (bufsz > len) -+ { -+ strncat (buf, func, bufsz - len - 1); -+ len = strlen (buf); -+ } -+ -+ /* print error message */ -+ write (STDERR_FILENO, buf + 3, len - 3); -+ write (STDERR_FILENO, "()\n", 3); -+ -+ /* Make sure the default handler is associated with the our signal handler */ -+ memset (&sa, 0, sizeof (struct sigaction)); -+ sigfillset (&sa.sa_mask); /* Block all signals */ -+ sa.sa_flags = 0; -+ sa.sa_handler = SIG_DFL; -+ sigaction (SSP_SIGTYPE, &sa, NULL); -+ (void) kill (getpid (), SSP_SIGTYPE); -+ _exit (127); -+} -Index: dietlibc-0.30_pre20060501/sparc/start.S -=================================================================== ---- dietlibc-0.30_pre20060501.orig/sparc/start.S -+++ 
dietlibc-0.30_pre20060501/sparc/start.S -@@ -31,6 +31,9 @@ _start: - be NULL. */ - - /* Let libc do the rest of the initialization, and call main. */ -+#if 0 /* FIXME: __dietlibc__ */ -+ call __guard_setup -+#endif - #ifdef WANT_DYNAMIC - call _dyn_start - #else -Index: dietlibc-0.30_pre20060501/sparc64/start.S -=================================================================== ---- dietlibc-0.30_pre20060501.orig/sparc64/start.S -+++ dietlibc-0.30_pre20060501/sparc64/start.S -@@ -31,6 +31,9 @@ _start: - be NULL. */ - - /* Let libc do the rest of the initialization, and call main. */ -+#if 0 /* FIXME: __dietlibc__ */ -+ call __guard_setup -+#endif - #ifdef WANT_DYNAMIC - call _dyn_start - #else -Index: dietlibc-0.30_pre20060501/x86_64/start.S -=================================================================== ---- dietlibc-0.30_pre20060501.orig/x86_64/start.S -+++ dietlibc-0.30_pre20060501/x86_64/start.S -@@ -35,6 +35,10 @@ _start: - popq %rdi - #endif - -+#if 0 /* FIXME: __dietlibc__ */ -+ call __guard_setup -+#endif -+ - #ifdef WANT_DYNAMIC - call _dyn_start - #else -Index: dietlibc-0.30_pre20060501/lib/stack_smash_handler2.c -=================================================================== ---- dietlibc-0.30_pre20060501.orig/lib/stack_smash_handler2.c -+++ /dev/null -@@ -1,12 +0,0 @@ --#include <unistd.h> --#include <write12.h> -- --void __stack_chk_fail(void); -- --/* earlier versions of ProPolice actually gave the address and function -- * name as arguments to the handler, so it could print some useful -- * diagnostics. No more. 
:-( */ --void __stack_chk_fail(void) { -- __write2("smashed stack detected, program terminated.\n"); -- _exit(127); --} -Index: dietlibc-0.30_pre20060501/lib/stack_smash_handler.c -=================================================================== ---- dietlibc-0.30_pre20060501.orig/lib/stack_smash_handler.c -+++ /dev/null -@@ -1,25 +0,0 @@ --#include <write12.h> --#include <unistd.h> -- --/* this is only used with ProPolice in gcc 3.x */ -- --void __stack_smash_handler(char* func,unsigned int damaged); --void __stack_smash_handler(char* func,unsigned int damaged) { -- char buf[sizeof(char*)*2+1]; -- int i; -- for (i=0; i<(int)sizeof(buf)-1; ++i) { -- char c=damaged&0xf; -- c+=c<10?'0':'a'; -- buf[sizeof(buf)-2-i]=c; -- damaged>>=4; -- } -- buf[sizeof(buf)-1]=0; -- __write2("stack smashed in "); -- __write2(func); -- __write2(" (value 0x"); -- __write2(buf); -- __write2(")\n"); -- _exit(127); --} -- -- diff --git a/dietlibc/tools/ssp.c b/dietlibc/tools/ssp.c deleted file mode 100644 index 9db8327..0000000 --- a/dietlibc/tools/ssp.c +++ /dev/null 
@@ -1,129 +0,0 @@ -/* - * Distributed under the terms of the GNU General Public License v2 - * $Header: /var/cvsroot/gentoo-x86/dev-libs/dietlibc/files/ssp.c,v 1.2 2004/12/05 19:25:40 solar Exp $ - * - * This is a modified version of Hiroaki Etoh's stack smashing routines - * implemented for glibc. - * - * The following people have contributed input to this code. - * Ned Ludd - <solar[@]gentoo.org> - * Alexander Gabert - <pappy[@]gentoo.org> - * The PaX Team - <pageexec[@]freemail.hu> - * Peter S. Mazinger - <ps.m[@]gmx.net> - * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> - * Robert Connolly - <robert[@]linuxfromscratch.org> - * Cory Visi <cory@visi.name> - * - */ - -#ifdef HAVE_CONFIG_H -# include <config.h> -#endif - -#include <stdio.h> -#include <string.h> -#include <fcntl.h> -#include <unistd.h> -#include <signal.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/un.h> -#include <sys/time.h> - -#ifdef __PROPOLICE_BLOCK_SEGV__ -#define SSP_SIGTYPE SIGSEGV -#elif __PROPOLICE_BLOCK_KILL__ -#define SSP_SIGTYPE SIGKILL -#else -#define SSP_SIGTYPE SIGABRT -#endif - -unsigned long __guard = 0UL; - -void -__guard_setup (void) -{ - size_t size; - if (__guard != 0UL) - return; - -#ifndef __SSP_QUICK_CANARY__ - /* - * Attempt to open kernel pseudo random device if one exists before - * opening urandom to avoid system entropy depletion. - */ - { - int fd; -#ifdef HAVE_DEV_ERANDOM - if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1)) -#endif - fd = open ("/dev/urandom", O_RDONLY); - if (fd != (-1)) - { - size = read (fd, (char *) &__guard, sizeof (__guard)); - close (fd); - if (size == sizeof (__guard)) - return; - } - } -#endif - - /* If sysctl was unsuccessful, use the "terminator canary". */ - __guard = 0xFF0A0D00UL; - - { - /* Everything failed? 
Or we are using a weakened model of the - * terminator canary */ - struct timeval tv; - - gettimeofday (&tv, NULL); - __guard ^= tv.tv_usec ^ tv.tv_sec; - } -} - -void -__stack_smash_handler (char func[], int damaged) -{ - struct sigaction sa; - const char message[] = ": stack smashing attack in function "; - int bufsz, len; - char buf[512]; - static char *__progname = "dietapp"; - - sigset_t mask; - sigfillset (&mask); - - sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */ - sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */ - - bufsz = sizeof (buf); - strcpy (buf, "<2>"); - len = 3; - - strncat (buf, __progname, sizeof (buf) - 4); - len = strlen (buf); - - if (bufsz > len) - { - strncat (buf, message, bufsz - len - 1); - len = strlen (buf); - } - if (bufsz > len) - { - strncat (buf, func, bufsz - len - 1); - len = strlen (buf); - } - - /* print error message */ - write (STDERR_FILENO, buf + 3, len - 3); - write (STDERR_FILENO, "()\n", 3); - - /* Make sure the default handler is associated with the our signal handler */ - memset (&sa, 0, sizeof (struct sigaction)); - sigfillset (&sa.sa_mask); /* Block all signals */ - sa.sa_flags = 0; - sa.sa_handler = SIG_DFL; - sigaction (SSP_SIGTYPE, &sa, NULL); - (void) kill (getpid (), SSP_SIGTYPE); - _exit (127); -} |