This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.25-782-g422ff87
- From: hjl at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 24 Jul 2017 13:09:38 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.25-782-g422ff87
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 422ff87c249ddc06701d096421db63343e4754be (commit)
from 55703fcace89b53d7f41f7d85ede50571da2bcc8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=422ff87c249ddc06701d096421db63343e4754be
commit 422ff87c249ddc06701d096421db63343e4754be
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Mon Jul 24 06:06:08 2017 -0700
Avoid accessing corrupted stack from __stack_chk_fail [BZ #21752]
__libc_argv[0] points to address on stack and __libc_secure_getenv
accesses environment variables which are on stack. We should avoid
accessing stack when stack is corrupted.
This patch also renames function argument in __fortify_fail_abort
from do_backtrace to need_backtrace to avoid confusion with do_backtrace
from enum __libc_message_action.
[BZ #21752]
* debug/fortify_fail.c (__fortify_fail_abort): Don't pass down
__libc_argv[0] if we aren't doing backtrace. Rename do_backtrace
to need_backtrace.
* sysdeps/posix/libc_fatal.c (__libc_message): Don't call
__libc_secure_getenv if we aren't doing backtrace.
diff --git a/ChangeLog b/ChangeLog
index 6f1fb54..7da4510 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-07-24 H.J. Lu <hongjiu.lu@intel.com>
+
+ [BZ #21752]
+ * debug/fortify_fail.c (__fortify_fail_abort): Don't pass down
+ __libc_argv[0] if we aren't doing backtrace. Rename do_backtrace
+ to need_backtrace.
+ * sysdeps/posix/libc_fatal.c (__libc_message): Don't call
+ __libc_secure_getenv if we aren't doing backtrace.
+
2017-07-24 Andreas Schwab <schwab@suse.de>
[BZ #21804]
diff --git a/debug/fortify_fail.c b/debug/fortify_fail.c
index c90d384..a0777ae 100644
--- a/debug/fortify_fail.c
+++ b/debug/fortify_fail.c
@@ -24,13 +24,17 @@ extern char **__libc_argv attribute_hidden;
void
__attribute__ ((noreturn)) internal_function
-__fortify_fail_abort (_Bool do_backtrace, const char *msg)
+__fortify_fail_abort (_Bool need_backtrace, const char *msg)
{
- /* The loop is added only to keep gcc happy. */
+ /* The loop is added only to keep gcc happy. Don't pass down
+ __libc_argv[0] if we aren't doing backtrace since __libc_argv[0]
+ may point to the corrupted stack. */
while (1)
- __libc_message (do_backtrace ? (do_abort | do_backtrace) : do_abort,
+ __libc_message (need_backtrace ? (do_abort | do_backtrace) : do_abort,
"*** %s ***: %s terminated\n",
- msg, __libc_argv[0] ?: "<unknown>");
+ msg,
+ (need_backtrace && __libc_argv[0] != NULL
+ ? __libc_argv[0] : "<unknown>"));
}
void
diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
index 25af8bd..c918919 100644
--- a/sysdeps/posix/libc_fatal.c
+++ b/sysdeps/posix/libc_fatal.c
@@ -75,11 +75,16 @@ __libc_message (enum __libc_message_action action, const char *fmt, ...)
FATAL_PREPARE;
#endif
- /* Open a descriptor for /dev/tty unless the user explicitly
- requests errors on standard error. */
- const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
- if (on_2 == NULL || *on_2 == '\0')
- fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
+ /* Don't call __libc_secure_getenv if we aren't doing backtrace, which
+ may access the corrupted stack. */
+ if ((action & do_backtrace))
+ {
+ /* Open a descriptor for /dev/tty unless the user explicitly
+ requests errors on standard error. */
+ const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
+ if (on_2 == NULL || *on_2 == '\0')
+ fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
+ }
if (fd == -1)
fd = STDERR_FILENO;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 +++++++++
debug/fortify_fail.c | 12 ++++++++----
sysdeps/posix/libc_fatal.c | 15 ++++++++++-----
3 files changed, 27 insertions(+), 9 deletions(-)
hooks/post-receive
--
GNU C Library master sources