This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] libio vtable validation [BZ #20191]
- From: Carlos O'Donell <carlos at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>, Kees Cook <keescook at chromium dot org>, Yunlian Jiang <yunlian at google dot com>
- Date: Thu, 9 Jun 2016 14:53:49 -0400
- Subject: Re: [PATCH] libio vtable validation [BZ #20191]
- Authentication-results: sourceware.org; auth=none
- References: <a012f7d2-b34f-293f-e8d9-f709432f20ac at redhat dot com>
On 06/09/2016 12:33 PM, Florian Weimer wrote:
> 2016-06-09 Florian Weimer <fweimer@redhat.com>
>
> [BZ #20191]
> Implement vtable verification in libio.
> * Makerules (shlib.lds): Place __libc_IO_vtables section.
> * debug/obprintf_chk.c (_IO_obstack_jumps): Define as vtable.
> * debug/vdprintf_chk.c (__vdprintf_chk): Call
> _IO_new_file_init_internal instead of _IO_file_init.
> * debug/vsnprintf_chk.c (_IO_strn_jumps): Define as vtable.
> * debug/vsprintf_chk.c (_IO_str_chk_jumps): Likewise.
> * libio/Makefile (routines): Add vtables.
> * libio/libioP.h (_IO_JUMPS_FUNC): Call IO_validate_vtable.
> (_IO_init): Remove, not for internal use.
> (_IO_init_internal): Declare, internal replacement for _IO_init.
> (_IO_file_init): Remove, not for internal use.
> (_IO_new_file_init): Remove, not for internal use.
> (_IO_new_file_init_internal): Declare, internal replacement for
> _IO_new_file_init.
> (_IO_old_file_init): Remove, not for internal use.
> (_IO_old_file_init_internal): Declare, internal replacement for
> _IO_old_file_init.
> (_IO_str_init_static, _IO_str_init_readonly): Remove, not for
> internal use.
> (__libc_IO_vtables, IO_accept_foreign_vtables, _IO_vtable_check):
> Declare.
> (libio_vtable): New macro.
> (IO_set_accept_foreign_vtables, _IO_validate_vtable): New inline
> functions.
> * libio/fileops.c (_IO_new_file_init_internal): Rename from
> _IO_new_file_init.
> (_IO_new_file_init): New externally visible wrapper which disables
> vtable verification.
> (_IO_file_jumps, _IO_file_jumps_mmap, _IO_file_jumps_maybe_mmap):
> Define as vtables.
> * libio/genops.c (_IO_init_internal): Rename from _IO_init.
> (_IO_init): New externally visible wrapper which disables
> vtable verification.
> * libio/iofdopen.c (_IO_new_fdopen): Call
> _IO_new_file_init_internal instead of _IO_file_init. Adjust
> comment.
> * libio/iofopen.c (__fopen_internal): Call
> _IO_new_file_init_internal instead of _IO_file_init.
> * libio/iofopncook.c (_IO_cookie_jumps, _IO_old_cookie_jumps):
> Define as vtables.
> (_IO_cookie_init): Call _IO_init_internal instead of _IO_init,
> _IO_new_file_init_internal instead of _IO_file_init.
> * libio/iopopen.c (_IO_new_popen): Likewise.
> (_IO_proc_jumps): Define as vtable.
> * libio/iovdprintf.c (_IO_vdprintf): Call
> _IO_new_file_init_internal instead of _IO_file_init.
> * libio/memstream.c (_IO_mem_jumps): Define as vtable.
> (__open_memstream): Call _IO_init_internal instead of _IO_init.
> * libio/obprintf.c (_IO_obstack_jumps): Define as vtable.
> * libio/oldfileops.c (_IO_old_file_init_internal): Rename from
> _IO_old_file_init.
> (_IO_old_file_init): New externally visible wrapper which disables
> vtable verification.
> (_IO_old_file_jumps): Define as vtable.
> * libio/oldiofdopen.c (_IO_old_fdopen): Call
> _IO_old_file_init_internal instead of _IO_old_file_init.
> * libio/oldiofopen.c (_IO_old_fopen): Likewise.
> * libio/oldiopopen.c (_IO_old_popen): Likewise.
> (_IO_old_proc_jumps): Define as vtable.
> * libio/strops.c (_IO_str_jumps, _IO_strn_jumps, _IO_wstrn_jumps):
> Define as vtables.
> * libio/vtables.c: New file.
> * libio/wfileops.c (_IO_wfile_jumps, _IO_wfile_jumps_mmap)
> (_IO_wfile_jumps_maybe_mmap): Define as vtables.
> * libio/wmemstream.c (_IO_wmem_jumps): Define as vtable.
> * libio/wstrops.c (_IO_wstr_jumps): Likewise.
> * stdio-common/vfprintf.c (_IO_helper_jumps): Likewise.
> * stdlib/strfmon_l.c (__vstrfmon_l): Call _IO_init_internal
> instead of _IO_init.
This looks good to me.
--
Cheers,
Carlos.