stack_protector.c.patch [plain text]
Index: stack_protector.c
===================================================================
--- stack_protector.c (revision 31377)
+++ stack_protector.c (working copy)
@@ -32,44 +32,41 @@ static char rcsid[] = "$OpenBSD: stack_p
#include <sys/param.h>
#include <sys/sysctl.h>
#include <syslog.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+extern void __abort(void) __dead2;
+long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+void __guard_setup(void) __attribute__ ((visibility ("hidden")));
+void __stack_chk_fail(void);
-long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
-static void __guard_setup(void) __attribute__ ((constructor));
-void __stack_smash_handler(char func[], int damaged __attribute__((unused)));
-
-static void
+void
__guard_setup(void)
{
int fd;
- if (__guard[0]!=0) return;
+ if (__stack_chk_guard[0]!=0) return;
fd = open ("/dev/urandom", 0);
if (fd != -1) {
- ssize_t size = read (fd, (char*)&__guard, sizeof(__guard));
+ ssize_t size = read (fd, (char*)&__stack_chk_guard,
+ sizeof(__stack_chk_guard));
close (fd) ;
- if (size == sizeof(__guard)) return;
+ if (size == sizeof(__stack_chk_guard)
+ && *__stack_chk_guard != 0) return;
}
/* If a random generator can't be used, the protector switches the guard
to the "terminator canary" */
- ((char*)__guard)[0] = 0; ((char*)__guard)[1] = 0;
- ((char*)__guard)[2] = '\n'; ((char*)__guard)[3] = 255;
+ ((char*)__stack_chk_guard)[0] = 0; ((char*)__stack_chk_guard)[1] = 0;
+ ((char*)__stack_chk_guard)[2] = '\n'; ((char*)__stack_chk_guard)[3] = 255;
}
void
-__stack_smash_handler(char func[], int damaged)
+__stack_chk_fail()
{
- const char message[] = "stack overflow in function %s";
- struct sigaction sa;
+ const char message[] = "[%d] stack overflow";
/* this may fail on a chroot jail, though luck */
- syslog(LOG_CRIT, message, func);
-
- bzero(&sa, sizeof(struct sigaction));
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = 0;
- sa.sa_handler = SIG_DFL;
- sigaction(SIGABRT, &sa, NULL);
-
- kill(getpid(), SIGABRT);
+ syslog(LOG_CRIT, message, getpid());
- _exit(127);
+ __abort();
}
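Review bot: With the `constructor` attribute dropped, nothing visible in this patch calls `__guard_setup`, so `__stack_chk_guard` stays all-zero until a caller outside the hunk runs it. That caller has to execute before the first protector-instrumented frame is entered and must not be instrumented itself, otherwise early code runs with a predictable canary or fails its check on return. I would record this at the definition, e.g. `/* Must be called once by startup code before any stack-protected function runs; no longer a constructor. */`. In `__stack_chk_fail`, the removed code reset SIGABRT to SIG_DFL before raising it, while the new code relies on `__abort()` to do so, which the hunk does not show; worth confirming, so that a user-installed SIGABRT handler cannot run in a process whose stack is already corrupted. Smaller points: the definition should read `__stack_chk_fail(void)` to match the prototype added above, and `open ("/dev/urandom", 0)` can be spelled with `O_RDONLY` now that `<fcntl.h>` is included.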