Fix default stack guard.

Kees Cook kees@outflux.net
Wed Feb 15 19:55:00 GMT 2012


Hi Tom,

On Wed, Feb 15, 2012 at 05:50:09PM +0100, Tom de Vries wrote:
> The patch fixes the failing test-cases by restoring the default stack guard to
> what it was before the commit 'Make stack canary value harder to read through
> read overflow' (15a856b1090669df0aec536edbdf240e71a470ca).
> [...]
> diff --git a/sysdeps/unix/sysv/linux/dl-osinfo.h b/sysdeps/unix/sysv/linux/dl-osinfo.h
> index 874660b..780b20a 100644
> --- sysdeps/unix/sysv/linux/dl-osinfo.h
> +++ sysdeps/unix/sysv/linux/dl-osinfo.h
> @@ -84,8 +84,8 @@ _dl_setup_stack_chk_guard (void *dl_random)
>  	    return ret.num;
>  	}
>  # endif
> -      ret.bytes[filllen - 2] = 255;
> -      ret.bytes[filllen - 3] = '\n';
> +      ret.bytes[filllen] = 255;
> +      ret.bytes[filllen - 1] = '\n';
>      }
>    else
>  #endif
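Review bot: the new lines write ret.bytes[filllen], two positions above the old highest index (filllen - 2), but nothing in the hunk shows how filllen relates to sizeof (ret.bytes), so a reader cannot tell from this context that the write is in bounds or why the top two bytes are 0xff and '\n'. Suggest adding a one-line comment next to the writes, e.g. `/* filllen is the last index; end the guard with '\n' 0xff.  */`, so the intent behind these indices is visible where they are used.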

Yup, agreed. This restores the original behavior of the default canary
ending with 0x0a 0xff. This is what I had in the original patch for
http://sourceware.org/bugzilla/attachment.cgi?id=3933

I think it would be nice to add some comments in this area of the code
(as in my original patch), though, since the reasoning for the behaviors
is not clear without a lot of additional knowledge.

-Kees

-- 
Kees Cook                                            @outflux.net
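An added illustration (not glibc code and not part of the thread) of the default guard layout the reply describes, ending in 0x0a 0xff: it copies the dl_random == NULL path as the hunk leaves it and assumes, since the hunk does not show it, that `ret` starts zeroed and `filllen` is the last index, `sizeof (ret.bytes) - 1`; `guard_byte` and `string_read_length` are hypothetical helpers that show the guard bytes in memory and that a NUL-terminated string read of an adjacent buffer stops at the guard's leading zero byte.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Stand-alone copy of the dl_random == NULL path of _dl_setup_stack_chk_guard
   as the hunk leaves it.  Assumed (not visible in the hunk): `ret' starts
   zeroed and `filllen' is the last index, sizeof (ret.bytes) - 1.  */
static uintptr_t
default_stack_chk_guard (void)
{
  union
  {
    uintptr_t num;
    unsigned char bytes[sizeof (uintptr_t)];
  } ret = { 0 };
  const size_t filllen = sizeof (ret.bytes) - 1;  /* assumed definition */

  ret.bytes[filllen] = 255;      /* last byte in memory: 0xff */
  ret.bytes[filllen - 1] = '\n'; /* byte before it: 0x0a */
  return ret.num;
}

/* Byte I of the guard as laid out in memory, independent of endianness.  */
static unsigned
guard_byte (size_t i)
{
  uintptr_t g = default_stack_chk_guard ();
  unsigned char b[sizeof g];
  memcpy (b, &g, sizeof g);
  return i < sizeof g ? b[i] : 0;
}

/* Place a constructed BUFLEN-byte buffer directly below the guard and
   return how many bytes a NUL-terminated string read (strlen, "%s") of
   that buffer covers: it stops at the guard's leading 0x00, so a missing
   terminator in BUF does not expose the guard bytes.  */
static size_t
string_read_length (const char *buf, size_t buflen)
{
  unsigned char mem[64] = { 0 };
  uintptr_t g = default_stack_chk_guard ();
  if (buflen + sizeof g > sizeof mem)
    return 0;
  memcpy (mem, buf, buflen);
  memcpy (mem + buflen, &g, sizeof g);
  return strlen ((const char *) mem);
}
```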
