Lines 62-68
Link Here
|
62 |
static inline uintptr_t __attribute__ ((always_inline)) |
62 |
static inline uintptr_t __attribute__ ((always_inline)) |
63 |
_dl_setup_stack_chk_guard (void *dl_random) |
63 |
_dl_setup_stack_chk_guard (void *dl_random) |
64 |
{ |
64 |
{ |
65 |
uintptr_t ret; |
65 |
uintptr_t ret = 0; |
|
|
66 |
/* Having a leading zero byte protects the stack guard from |
67 |
being exposed by an unterminated str* read operation. */ |
68 |
unsigned char *p = ((unsigned char *) &ret) + 1; |
69 |
int size = sizeof (ret) - 1; |
66 |
#ifndef __ASSUME_AT_RANDOM |
70 |
#ifndef __ASSUME_AT_RANDOM |
67 |
if (__builtin_expect (dl_random == NULL, 0)) |
71 |
if (__builtin_expect (dl_random == NULL, 0)) |
68 |
{ |
72 |
{ |
Lines 70-92
Link Here
|
70 |
int fd = __open ("/dev/urandom", O_RDONLY); |
74 |
int fd = __open ("/dev/urandom", O_RDONLY); |
71 |
if (fd >= 0) |
75 |
if (fd >= 0) |
72 |
{ |
76 |
{ |
73 |
ssize_t reslen = __read (fd, &ret, sizeof (ret)); |
77 |
ssize_t reslen = __read (fd, p, size); |
74 |
__close (fd); |
78 |
__close (fd); |
75 |
if (reslen == (ssize_t) sizeof (ret)) |
79 |
if (reslen == (ssize_t) size) |
76 |
return ret; |
80 |
return ret; |
77 |
} |
81 |
} |
78 |
# endif |
82 |
# endif |
79 |
ret = 0; |
83 |
/* Lacking any other form of randomized stack guard, add other |
80 |
unsigned char *p = (unsigned char *) &ret; |
84 |
terminators in an attempt to block things like fgets, etc. */ |
81 |
p[sizeof (ret) - 1] = 255; |
85 |
p[size - 1] = 255; |
82 |
p[sizeof (ret) - 2] = '\n'; |
86 |
p[size - 2] = '\n'; |
83 |
} |
87 |
} |
84 |
else |
88 |
else |
85 |
#endif |
89 |
#endif |
86 |
/* We need in the moment only 8 bytes on 32-bit platforms and 16 |
90 |
/* We need in the moment only 8 bytes on 32-bit platforms and 16 |
87 |
bytes on 64-bit platforms. Therefore we can use the data |
91 |
bytes on 64-bit platforms. Therefore we can use the data |
88 |
directly and not use the kernel-provided data to seed a PRNG. */ |
92 |
directly and not use the kernel-provided data to seed a PRNG. */ |
89 |
memcpy (&ret, dl_random, sizeof (ret)); |
93 |
memcpy (p, dl_random, size); |
90 |
return ret; |
94 |
return ret; |
91 |
} |
95 |
} |
92 |
|
96 |
|