Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 49140 Details for
Bug 66553
(toolchain) artsdsp stack smashing attack in function read()
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
a working patch
ssp.c-no-overload-crash.patch (text/plain), 2.54 KB, created by
Malte S. Stretz
on 2005-01-21 13:54:16 UTC
(
hide
)
Description:
a working patch
Filename:
MIME Type:
Creator:
Malte S. Stretz
Created:
2005-01-21 13:54:16 UTC
Size:
2.54 KB
patch
obsolete
>--- glibc-2.3.3/sysdeps/unix/sysv/linux/ssp.c.orig 2004-08-07 20:08:05.000000000 +0200 >+++ glibc-2.3.3/sysdeps/unix/sysv/linux/ssp.c 2005-01-21 18:45:18.000000000 +0100 >@@ -13,6 +13,7 @@ > * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> > * Robert Connolly - <robert[@]linuxfromscratch.org> > * Cory Visi <cory@visi.name> >+ * Malte S. Stretz <mss[@]msquadrat.de> > * > */ > >@@ -76,13 +77,13 @@ __guard_setup (void) > { > int fd; > #ifdef HAVE_DEV_ERANDOM >- if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1)) >+ if ((fd = __open ("/dev/erandom", O_RDONLY)) == (-1)) > #endif >- fd = open ("/dev/urandom", O_RDONLY); >+ fd = __open ("/dev/urandom", O_RDONLY); > if (fd != (-1)) > { >- size = read (fd, (char *) &__guard, sizeof (__guard)); >- close (fd); >+ size = __libc_read (fd, (char *) &__guard, sizeof (__guard)); >+ __close (fd); > if (size == sizeof (__guard)) > return; > } >@@ -97,7 +98,7 @@ __guard_setup (void) > * terminator canary */ > struct timeval tv; > >- gettimeofday (&tv, NULL); >+ __gettimeofday (&tv, NULL); > __guard ^= tv.tv_usec ^ tv.tv_sec; > } > } >@@ -121,7 +122,7 @@ __stack_smash_handler (char func[], int > sigfillset (&mask); > > sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */ >- sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */ >+ __sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */ > > bufsz = sizeof (buf); > strcpy (buf, "<2>"); >@@ -145,13 +146,14 @@ __stack_smash_handler (char func[], int > write (STDERR_FILENO, buf + 3, len - 3); > write (STDERR_FILENO, "()\n", 3); > #ifndef __dietlibc__ >+ /* FIXME: __socket() is just a stub, should this call be replaced? */ > if ((log = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1) > { > /* Send "found" message to the "/dev/log" path */ > sock.sun_family = AF_UNIX; > (void) strncpy (sock.sun_path, _PATH_LOG, sizeof (sock.sun_path) - 1); > sock.sun_path[sizeof (sock.sun_path) - 1] = '\0'; >- sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock)); >+ __sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock)); > } > #endif > /* Make sure the default handler is associated with the our signal handler */ >@@ -160,7 +162,8 @@ __stack_smash_handler (char func[], int > sigfillset (&sa.sa_mask); /* Block all signals */ > sa.sa_flags = 0; > sa.sa_handler = SIG_DFL; >- sigaction (SSP_SIGTYPE, &sa, NULL); >+ __sigaction (SSP_SIGTYPE, &sa, NULL); >+ /* FIXME: __kill() is just a stub, should this call be replaced? */ > (void) kill (getpid (), SSP_SIGTYPE); > _exit (127); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=49140">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 66553
:
41237
|
41509
|
44433
|
44434
|
49002
| 49140 |
49141
|
49142
