[thirdparty/gcc.git] / libssp / ssp.c

/* Stack protector support.
   Copyright (C) 2005-2019 Free Software Foundation, Inc.

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.

In addition to the permissions in the GNU General Public License, the
Free Software Foundation gives you unlimited permission to link the
compiled version of this file into combinations with other programs,
and to distribute those combinations without any restriction coming
from the use of this file.  (The General Public License restrictions
do apply in other respects; for example, they cover modification of
the file, and distribution when not linked into a combine
executable.)

GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
for more details.

Under Section 7 of GPL version 3, you are granted additional
permissions described in the GCC Runtime Library Exception, version
3.1, as published by the Free Software Foundation.

You should have received a copy of the GNU General Public License and
a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
<http://www.gnu.org/licenses/>.  */


#include "config.h"
#ifdef HAVE_ALLOCA_H
# include <alloca.h>
#endif
#ifdef HAVE_MALLOC_H
# include <malloc.h>
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#ifndef _PATH_TTY
/* Native win32 apps don't know about /dev/tty but can print directly
   to the console using  "CONOUT$"   */
#if defined (_WIN32) && !defined (__CYGWIN__)
#include <windows.h>
#include <wincrypt.h>
# define _PATH_TTY "CONOUT$"
#else
# define _PATH_TTY "/dev/tty"
#endif
#endif
#ifdef HAVE_SYSLOG_H
# include <syslog.h>
#endif

void *__stack_chk_guard = 0;

static void __attribute__ ((constructor))
__guard_setup (void)
{
  unsigned char *p;

  if (__stack_chk_guard != 0)
    return;

#if defined (_WIN32) && !defined (__CYGWIN__)
  HCRYPTPROV hprovider = 0;
  if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
    {
      if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
          (BYTE *)&__stack_chk_guard) &&  __stack_chk_guard != 0)
        {
           CryptReleaseContext(hprovider, 0);
           return;
        }
      CryptReleaseContext(hprovider, 0);
    }
#else
  int fd = open ("/dev/urandom", O_RDONLY);
  if (fd != -1)
    {
      ssize_t size = read (fd, &__stack_chk_guard,
                           sizeof (__stack_chk_guard));
      close (fd);
      if (size == sizeof(__stack_chk_guard) && __stack_chk_guard != 0)
        return;
    }

#endif
  /* If a random generator can't be used, the protector switches the guard
     to the "terminator canary".  */
  p = (unsigned char *) &__stack_chk_guard;
  p[sizeof(__stack_chk_guard)-1] = 255;
  p[sizeof(__stack_chk_guard)-2] = '\n';
  p[0] = 0;
}

static void
fail (const char *msg1, size_t msg1len, const char *msg3)
{
#ifdef __GNU_LIBRARY__
  extern char * __progname;
#else
  static const char __progname[] = "";
#endif
  int fd;

  /* Print error message directly to the tty.  This avoids Bad Things
     happening if stderr is redirected.  */
  fd = open (_PATH_TTY, O_WRONLY);
  if (fd != -1)
    {
      static const char msg2[] = " terminated\n";
      size_t progname_len, len;
      char *buf, *p;

      progname_len = strlen (__progname);
      len = msg1len + progname_len + sizeof(msg2)-1 + 1;
      p = buf = alloca (len);

      memcpy (p, msg1, msg1len);
      p += msg1len;
      memcpy (p, __progname, progname_len);
      p += progname_len;
      memcpy (p, msg2, sizeof(msg2));

      while (len > 0)
        {
          ssize_t wrote = write (fd, buf, len);
          if (wrote < 0)
            break;
          buf += wrote;
          len -= wrote;
        }
      close (fd);
    }

#ifdef HAVE_SYSLOG_H
  /* Only send the error to syslog if there was no tty available.  */
  else
    syslog (LOG_CRIT, "%s", msg3);
#endif /* HAVE_SYSLOG_H */

  /* Try very hard to exit.  Note that signals may be blocked preventing
     the first two options from working.  The use of volatile is here to
     prevent optimizers from "knowing" that __builtin_trap is called first,
     and that it doesn't return, and so "obviously" the rest of the code
     is dead.  */
  {
    volatile int state;
    for (state = 0; ; state++)
      switch (state)
        {
        case 0:
          __builtin_trap ();
          break;
        case 1:
          *(volatile int *)-1L = 0;
          break;
        case 2:
          _exit (127);
          break;
        }
  }
}

void
__stack_chk_fail (void)
{
  const char *msg = "*** stack smashing detected ***: ";
  fail (msg, strlen (msg), "stack smashing detected: terminated");
}

void
__chk_fail (void)
{
  const char *msg = "*** buffer overflow detected ***: ";
  fail (msg, strlen (msg), "buffer overflow detected: terminated");
}

#ifdef HAVE_HIDDEN_VISIBILITY
void
__attribute__((visibility ("hidden")))
__stack_chk_fail_local (void)
{
  __stack_chk_fail ();
}
#endif
Commit	Line	Data
0d55f4d0	1	/* Stack protector support.
fbd26352	2	Copyright (C) 2005-2019 Free Software Foundation, Inc.
0d55f4d0	3
	4	This file is part of GCC.
	5
	6	GCC is free software; you can redistribute it and/or modify it under
	7	the terms of the GNU General Public License as published by the Free
6bc9506f	8	Software Foundation; either version 3, or (at your option) any later
0d55f4d0	9	version.
	10
	11	In addition to the permissions in the GNU General Public License, the
	12	Free Software Foundation gives you unlimited permission to link the
	13	compiled version of this file into combinations with other programs,
	14	and to distribute those combinations without any restriction coming
	15	from the use of this file. (The General Public License restrictions
	16	do apply in other respects; for example, they cover modification of
	17	the file, and distribution when not linked into a combine
	18	executable.)
	19
	20	GCC is distributed in the hope that it will be useful, but WITHOUT ANY
	21	WARRANTY; without even the implied warranty of MERCHANTABILITY or
	22	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	23	for more details.
	24
6bc9506f	25	Under Section 7 of GPL version 3, you are granted additional
	26	permissions described in the GCC Runtime Library Exception, version
	27	3.1, as published by the Free Software Foundation.
	28
	29	You should have received a copy of the GNU General Public License and
	30	a copy of the GCC Runtime Library Exception along with this program;
	31	see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
	32	<http://www.gnu.org/licenses/>. */
0d55f4d0	33
0d55f4d0	34
	35	#include "config.h"
	36	#ifdef HAVE_ALLOCA_H
	37	# include <alloca.h>
	38	#endif
724518ff	39	#ifdef HAVE_MALLOC_H
	40	# include <malloc.h>
	41	#endif
0d55f4d0	42	#ifdef HAVE_STRING_H
	43	# include <string.h>
	44	#endif
	45	#ifdef HAVE_UNISTD_H
	46	# include <unistd.h>
	47	#endif
	48	#ifdef HAVE_FCNTL_H
	49	# include <fcntl.h>
	50	#endif
	51	#ifdef HAVE_PATHS_H
	52	# include <paths.h>
	53	#endif
	54	#ifndef _PATH_TTY
1070c6bd	55	/* Native win32 apps don't know about /dev/tty but can print directly
	56	to the console using "CONOUT$" */
	57	#if defined (_WIN32) && !defined (__CYGWIN__)
19fef163	58	#include <windows.h>
4f6f2923	59	#include <wincrypt.h>
1070c6bd	60	# define _PATH_TTY "CONOUT$"
1070c6bd	61	#else
0d55f4d0	62	# define _PATH_TTY "/dev/tty"
0d55f4d0	63	#endif
1070c6bd	64	#endif
0d55f4d0	65	#ifdef HAVE_SYSLOG_H
	66	# include <syslog.h>
	67	#endif
	68
	69	void *__stack_chk_guard = 0;
	70
	71	static void __attribute__ ((constructor))
	72	__guard_setup (void)
	73	{
	74	unsigned char *p;
0d55f4d0	75
	76	if (__stack_chk_guard != 0)
	77	return;
	78
19fef163	79	#if defined (_WIN32) && !defined (__CYGWIN__)
	80	HCRYPTPROV hprovider = 0;
	81	if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
	82	CRYPT_VERIFYCONTEXT \| CRYPT_SILENT))
	83	{
	84	if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
	85	(BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0)
	86	{
	87	CryptReleaseContext(hprovider, 0);
	88	return;
	89	}
	90	CryptReleaseContext(hprovider, 0);
	91	}
	92	#else
7714131b	93	int fd = open ("/dev/urandom", O_RDONLY);
0d55f4d0	94	if (fd != -1)
	95	{
	96	ssize_t size = read (fd, &__stack_chk_guard,
	97	sizeof (__stack_chk_guard));
	98	close (fd);
	99	if (size == sizeof(__stack_chk_guard) && __stack_chk_guard != 0)
	100	return;
	101	}
	102
19fef163	103	#endif
0d55f4d0	104	/* If a random generator can't be used, the protector switches the guard
	105	to the "terminator canary". */
	106	p = (unsigned char *) &__stack_chk_guard;
	107	p[sizeof(__stack_chk_guard)-1] = 255;
	108	p[sizeof(__stack_chk_guard)-2] = '\n';
	109	p[0] = 0;
	110	}
	111
	112	static void
	113	fail (const char msg1, size_t msg1len, const char msg3)
	114	{
	115	#ifdef __GNU_LIBRARY__
	116	extern char * __progname;
	117	#else
	118	static const char __progname[] = "";
	119	#endif
	120	int fd;
	121
	122	/* Print error message directly to the tty. This avoids Bad Things
	123	happening if stderr is redirected. */
	124	fd = open (_PATH_TTY, O_WRONLY);
	125	if (fd != -1)
	126	{
	127	static const char msg2[] = " terminated\n";
	128	size_t progname_len, len;
	129	char buf, p;
	130
	131	progname_len = strlen (__progname);
	132	len = msg1len + progname_len + sizeof(msg2)-1 + 1;
	133	p = buf = alloca (len);
	134
	135	memcpy (p, msg1, msg1len);
	136	p += msg1len;
	137	memcpy (p, __progname, progname_len);
	138	p += progname_len;
	139	memcpy (p, msg2, sizeof(msg2));
	140
	141	while (len > 0)
	142	{
	143	ssize_t wrote = write (fd, buf, len);
	144	if (wrote < 0)
	145	break;
	146	buf += wrote;
	147	len -= wrote;
	148	}
	149	close (fd);
	150	}
	151
	152	#ifdef HAVE_SYSLOG_H
	153	/* Only send the error to syslog if there was no tty available. */
	154	else
08edd07c	155	syslog (LOG_CRIT, "%s", msg3);
0d55f4d0	156	#endif /* HAVE_SYSLOG_H */
	157
	158	/* Try very hard to exit. Note that signals may be blocked preventing
	159	the first two options from working. The use of volatile is here to
	160	prevent optimizers from "knowing" that __builtin_trap is called first,
	161	and that it doesn't return, and so "obviously" the rest of the code
	162	is dead. */
	163	{
	164	volatile int state;
	165	for (state = 0; ; state++)
	166	switch (state)
	167	{
	168	case 0:
	169	__builtin_trap ();
	170	break;
	171	case 1:
	172	(volatile int )-1L = 0;
	173	break;
	174	case 2:
	175	_exit (127);
	176	break;
	177	}
	178	}
	179	}
	180
	181	void
	182	__stack_chk_fail (void)
	183	{
	184	const char msg = " stack smashing detected *: ";
	185	fail (msg, strlen (msg), "stack smashing detected: terminated");
	186	}
	187
	188	void
	189	__chk_fail (void)
	190	{
	191	const char msg = " buffer overflow detected *: ";
	192	fail (msg, strlen (msg), "buffer overflow detected: terminated");
	193	}
	194
	195	#ifdef HAVE_HIDDEN_VISIBILITY
	196	void
	197	__attribute__((visibility ("hidden")))
	198	__stack_chk_fail_local (void)
	199	{
	200	__stack_chk_fail ();
	201	}
	202	#endif