
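--- a/sysdeps/unix/sysv/linux/dl-osinfo.h
+++ b/sysdeps/unix/sysv/linux/dl-osinfo.h
@@ -62,7 +62,11 @@
 static inline uintptr_t __attribute__ ((always_inline))
 _dl_setup_stack_chk_guard (void *dl_random)
 {
-  uintptr_t ret;
+  uintptr_t ret = 0;
+  /* Having a leading zero byte protects the stack guard from
+     being exposed by an unterminated str* read operation. */
+  unsigned char *p = ((unsigned char *) &ret) + 1;
+  int size = sizeof (ret) - 1;
 #ifndef __ASSUME_AT_RANDOM
   if (__builtin_expect (dl_random == NULL, 0))
     {
@@ -70,23 +74,23 @@
       int fd = __open ("/dev/urandom", O_RDONLY);
       if (fd >= 0)
 	{
-	  ssize_t reslen = __read (fd, &ret, sizeof (ret));
+	  ssize_t reslen = __read (fd, p, size);
 	  __close (fd);
-	  if (reslen == (ssize_t) sizeof (ret))
+	  if (reslen == (ssize_t) size)
 	    return ret;
 	}
 # endif
-      ret = 0;
-      unsigned char *p = (unsigned char *) &ret;
-      p[sizeof (ret) - 1] = 255;
-      p[sizeof (ret) - 2] = '\n';
+      /* Lacking any other form of randomized stack guard, add other
+         terminators in an attempt to block things like fgets, etc. */
+      p[size - 1] = 255;
+      p[size - 2] = '\n';
     }
   else
 #endif
     /* We need in the moment only 8 bytes on 32-bit platforms and 16
        bytes on 64-bit platforms.  Therefore we can use the data
        directly and not use the kernel-provided data to seed a PRNG.  */
-    memcpy (&ret, dl_random, sizeof (ret));
+    memcpy (p, dl_random, size);
   return ret;
 }
 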
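Review bot: The comment added above `unsigned char *p = ((unsigned char *) &ret) + 1;` explains why the first byte is zero but not what it costs: only `sizeof (ret) - 1` bytes of the guard are random now, which on 32-bit targets leaves 24 unpredictable bits. I would record that trade-off in the comment, for example `The lowest-addressed byte stays zero, so only sizeof (ret) - 1 bytes carry entropy.` The length is also declared as `int size` and then passed to `__read` and `memcpy`; `const size_t size = sizeof (ret) - 1;` would avoid the signed-to-unsigned conversions and leave `(ssize_t) size` as the only cast. Finally, with `ret = 0;` gone from the fallback branch, a short `__read` leaves its partial bytes in `ret` before the `255` and `'\n'` terminators are stored; that looks harmless, but a one-line comment saying it is intended would help the next reader.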
