Line 0
|
|
|
1 |
/* |
2 |
* Distributed under the terms of the GNU General Public License v2 |
3 |
* $Header: /var/cvsroot/gentoo-x86/sys-apps/mkinitrd/files/mkinitrd-3.5.7-dietssp.patch,v 1.1 2004/10/10 22:44:47 solar Exp $ |
4 |
* |
5 |
* This is a modified version of Hiroaki Etoh's stack smashing routines |
6 |
* implemented for glibc. |
7 |
* |
8 |
* The following people have contributed input to this code. |
9 |
* Ned Ludd - <solar[@]gentoo.org> |
10 |
* Alexander Gabert - <pappy[@]gentoo.org> |
11 |
* The PaX Team - <pageexec[@]freemail.hu> |
12 |
* Peter S. Mazinger - <ps.m[@]gmx.net> |
13 |
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org> |
14 |
* Robert Connolly - <robert[@]linuxfromscratch.org> |
15 |
* Cory Visi <cory@visi.name> |
16 |
* |
17 |
*/ |
18 |
|
19 |
#ifdef HAVE_CONFIG_H |
20 |
# include <config.h> |
21 |
#endif |
22 |
|
23 |
#include <stdio.h> |
24 |
#include <string.h> |
25 |
#include <fcntl.h> |
26 |
#include <unistd.h> |
27 |
#include <signal.h> |
28 |
#include <sys/types.h> |
29 |
#include <sys/socket.h> |
30 |
#include <sys/un.h> |
31 |
#include <sys/syslog.h> |
32 |
#include <sys/time.h> |
33 |
#include <sys/sysctl.h> |
34 |
|
35 |
#ifndef _PATH_LOG |
36 |
#define _PATH_LOG "/dev/log" |
37 |
#endif |
38 |
|
39 |
#ifdef __PROPOLICE_BLOCK_SEGV__ |
40 |
#define SSP_SIGTYPE SIGSEGV |
41 |
#elif __PROPOLICE_BLOCK_KILL__ |
42 |
#define SSP_SIGTYPE SIGKILL |
43 |
#else |
44 |
#define SSP_SIGTYPE SIGABRT |
45 |
#endif |
46 |
|
47 |
unsigned long __guard = 0UL; |
48 |
|
49 |
void |
50 |
__guard_setup (void) |
51 |
{ |
52 |
size_t size; |
53 |
#ifdef HAVE_DEV_ERANDOM |
54 |
int mib[3]; |
55 |
#endif |
56 |
|
57 |
if (__guard != 0UL) |
58 |
return; |
59 |
|
60 |
#ifndef __SSP_QUICK_CANARY__ |
61 |
#ifdef HAVE_DEV_ERANDOM |
62 |
/* Random is another depth in Linux, hence an array of 3. */ |
63 |
mib[0] = CTL_KERN; |
64 |
mib[1] = KERN_RANDOM; |
65 |
mib[2] = RANDOM_ERANDOM; |
66 |
|
67 |
size = sizeof (unsigned long); |
68 |
if (__sysctl (mib, 3, &__guard, &size, NULL, 0) != (-1)) |
69 |
if (__guard != 0UL) |
70 |
return; |
71 |
#endif |
72 |
/* |
73 |
* Attempt to open kernel pseudo random device if one exists before |
74 |
* opening urandom to avoid system entropy depletion. |
75 |
*/ |
76 |
{ |
77 |
int fd; |
78 |
#ifdef HAVE_DEV_ERANDOM |
79 |
if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1)) |
80 |
#endif |
81 |
fd = open ("/dev/urandom", O_RDONLY); |
82 |
if (fd != (-1)) |
83 |
{ |
84 |
size = read (fd, (char *) &__guard, sizeof (__guard)); |
85 |
close (fd); |
86 |
if (size == sizeof (__guard)) |
87 |
return; |
88 |
} |
89 |
} |
90 |
#endif |
91 |
|
92 |
/* If sysctl was unsuccessful, use the "terminator canary". */ |
93 |
__guard = 0xFF0A0D00UL; |
94 |
|
95 |
{ |
96 |
/* Everything failed? Or we are using a weakened model of the |
97 |
* terminator canary */ |
98 |
struct timeval tv; |
99 |
|
100 |
gettimeofday (&tv, NULL); |
101 |
__guard ^= tv.tv_usec ^ tv.tv_sec; |
102 |
} |
103 |
} |
104 |
|
105 |
void |
106 |
__stack_smash_handler (char func[], int damaged) |
107 |
{ |
108 |
#ifndef __dietlibc__ |
109 |
struct sockaddr_un sock; /* AF_UNIX address of local logger */ |
110 |
#endif |
111 |
struct sigaction sa; |
112 |
const char message[] = ": stack smashing attack in function "; |
113 |
char buf[512]; |
114 |
int bufsz, len; |
115 |
#if !defined(__dietlibc__) |
116 |
int log; |
117 |
extern char *__progname; |
118 |
#else |
119 |
static char *__progname = "dietapp"; |
120 |
#endif |
121 |
|
122 |
sigset_t mask; |
123 |
sigfillset (&mask); |
124 |
|
125 |
sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */ |
126 |
sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */ |
127 |
|
128 |
bufsz = sizeof (buf); |
129 |
strcpy (buf, "<2>"); |
130 |
len = 3; |
131 |
|
132 |
strncat (buf, __progname, sizeof (buf) - 4); |
133 |
len = strlen (buf); |
134 |
|
135 |
if (bufsz > len) |
136 |
{ |
137 |
strncat (buf, message, bufsz - len - 1); |
138 |
len = strlen (buf); |
139 |
} |
140 |
if (bufsz > len) |
141 |
{ |
142 |
strncat (buf, func, bufsz - len - 1); |
143 |
len = strlen (buf); |
144 |
} |
145 |
|
146 |
/* print error message */ |
147 |
write (STDERR_FILENO, buf + 3, len - 3); |
148 |
write (STDERR_FILENO, "()\n", 3); |
149 |
#ifndef __dietlibc__ |
150 |
if ((log = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1) |
151 |
{ |
152 |
/* Send "found" message to the "/dev/log" path */ |
153 |
sock.sun_family = AF_UNIX; |
154 |
(void) strncpy (sock.sun_path, _PATH_LOG, sizeof (sock.sun_path) - 1); |
155 |
sock.sun_path[sizeof (sock.sun_path) - 1] = '\0'; |
156 |
sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock)); |
157 |
} |
158 |
#endif |
159 |
/* Make sure the default handler is associated with the our signal handler */ |
160 |
|
161 |
memset (&sa, 0, sizeof (struct sigaction)); |
162 |
sigfillset (&sa.sa_mask); /* Block all signals */ |
163 |
sa.sa_flags = 0; |
164 |
sa.sa_handler = SIG_DFL; |
165 |
sigaction (SSP_SIGTYPE, &sa, NULL); |
166 |
// (void) kill (getpid (), SSP_SIGTYPE); |
167 |
// _exit (127); |
168 |
} |
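Review bot: `__stack_smash_handler` returns to its caller after logging, because the two lines that would terminate the process are commented out at the end of the function (`// (void) kill (getpid (), SSP_SIGTYPE);` and `// _exit (127);`). A detected canary mismatch is therefore only reported; execution presumably continues through the epilogue of the function whose frame was found damaged, with every signal except SSP_SIGTYPE still blocked by the earlier `sigprocmask (SIG_BLOCK, &mask, NULL)`. Restore both calls, `(void) kill (getpid (), SSP_SIGTYPE);` followed by `_exit (127);`, so the handler can never return. Separately, when `__SSP_QUICK_CANARY__` is defined or both random sources fail, `__guard_setup` builds the guard only from `0xFF0A0D00UL` XORed with `tv.tv_usec ^ tv.tv_sec`, which is guessable from the process start time and no longer keeps the terminator bytes; that fallback should at least carry a comment saying it is a weakened mode.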