This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch hjl/pr21752/master created. glibc-2.25-764-gd8a801c
- From: hjl at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 19 Jul 2017 18:11:35 -0000
- Subject: GNU C Library master sources branch hjl/pr21752/master created. glibc-2.25-764-gd8a801c
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/pr21752/master has been created
at d8a801c2eadd6a0286434a49fafdc6c8ef2e1556 (commit)
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d8a801c2eadd6a0286434a49fafdc6c8ef2e1556
commit d8a801c2eadd6a0286434a49fafdc6c8ef2e1556
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Jul 19 10:56:19 2017 -0700
Avoid accessing corrupted stack from __stack_chk_fail [BZ #21752]
__libc_argv[0] points to address on stack and __libc_secure_getenv
accesses environment variables which are on stack. We should avoid
accessing stack when stack is corrupted.
This patch also renames function argument in __fortify_fail_abort
from do_backtrace to need_backtrace to avoid confusion with do_backtrace
from enum __libc_message_action.
[BZ #21752]
* debug/fortify_fail.c (__fortify_fail_abort): Don't pass down
__libc_argv[0] if we aren't doing backtrace. Rename do_backtrace
to need_backtrace.
* sysdeps/posix/libc_fatal.c (__libc_message): Don't call
__libc_secure_getenv if we aren't doing backtrace.
diff --git a/debug/fortify_fail.c b/debug/fortify_fail.c
index c90d384..a0777ae 100644
--- a/debug/fortify_fail.c
+++ b/debug/fortify_fail.c
@@ -24,13 +24,17 @@ extern char **__libc_argv attribute_hidden;
void
__attribute__ ((noreturn)) internal_function
-__fortify_fail_abort (_Bool do_backtrace, const char *msg)
+__fortify_fail_abort (_Bool need_backtrace, const char *msg)
{
- /* The loop is added only to keep gcc happy. */
+ /* The loop is added only to keep gcc happy. Don't pass down
+ __libc_argv[0] if we aren't doing backtrace since __libc_argv[0]
+ may point to the corrupted stack. */
while (1)
- __libc_message (do_backtrace ? (do_abort | do_backtrace) : do_abort,
+ __libc_message (need_backtrace ? (do_abort | do_backtrace) : do_abort,
"*** %s ***: %s terminated\n",
- msg, __libc_argv[0] ?: "<unknown>");
+ msg,
+ (need_backtrace && __libc_argv[0] != NULL
+ ? __libc_argv[0] : "<unknown>"));
}
void
diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
index 25af8bd..c918919 100644
--- a/sysdeps/posix/libc_fatal.c
+++ b/sysdeps/posix/libc_fatal.c
@@ -75,11 +75,16 @@ __libc_message (enum __libc_message_action action, const char *fmt, ...)
FATAL_PREPARE;
#endif
- /* Open a descriptor for /dev/tty unless the user explicitly
- requests errors on standard error. */
- const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
- if (on_2 == NULL || *on_2 == '\0')
- fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
+ /* Don't call __libc_secure_getenv if we aren't doing backtrace, which
+ may access the corrupted stack. */
+ if ((action & do_backtrace))
+ {
+ /* Open a descriptor for /dev/tty unless the user explicitly
+ requests errors on standard error. */
+ const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
+ if (on_2 == NULL || *on_2 == '\0')
+ fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
+ }
if (fd == -1)
fd = STDERR_FILENO;
-----------------------------------------------------------------------
hooks/post-receive
--
GNU C Library master sources