]>
Commit | Line | Data |
---|---|---|
77008252 | 1 | /* Stack protector support. |
83ffe9cd | 2 | Copyright (C) 2005-2023 Free Software Foundation, Inc. |
77008252 JJ |
3 | |
4 | This file is part of GCC. | |
5 | ||
6 | GCC is free software; you can redistribute it and/or modify it under | |
7 | the terms of the GNU General Public License as published by the Free | |
748086b7 | 8 | Software Foundation; either version 3, or (at your option) any later |
77008252 JJ |
9 | version. |
10 | ||
11 | In addition to the permissions in the GNU General Public License, the | |
12 | Free Software Foundation gives you unlimited permission to link the | |
13 | compiled version of this file into combinations with other programs, | |
14 | and to distribute those combinations without any restriction coming | |
15 | from the use of this file. (The General Public License restrictions | |
16 | do apply in other respects; for example, they cover modification of | |
17 | the file, and distribution when not linked into a combine | |
18 | executable.) | |
19 | ||
20 | GCC is distributed in the hope that it will be useful, but WITHOUT ANY | |
21 | WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
22 | FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
23 | for more details. | |
24 | ||
748086b7 JJ |
25 | Under Section 7 of GPL version 3, you are granted additional |
26 | permissions described in the GCC Runtime Library Exception, version | |
27 | 3.1, as published by the Free Software Foundation. | |
28 | ||
29 | You should have received a copy of the GNU General Public License and | |
30 | a copy of the GCC Runtime Library Exception along with this program; | |
31 | see the files COPYING3 and COPYING.RUNTIME respectively. If not, see | |
32 | <http://www.gnu.org/licenses/>. */ | |
77008252 | 33 | |
77008252 JJ |
34 | |
35 | #include "config.h" | |
36 | #ifdef HAVE_ALLOCA_H | |
37 | # include <alloca.h> | |
38 | #endif | |
266aa805 OS |
39 | #ifdef HAVE_MALLOC_H |
40 | # include <malloc.h> | |
41 | #endif | |
77008252 JJ |
42 | #ifdef HAVE_STRING_H |
43 | # include <string.h> | |
44 | #endif | |
45 | #ifdef HAVE_UNISTD_H | |
46 | # include <unistd.h> | |
47 | #endif | |
48 | #ifdef HAVE_FCNTL_H | |
49 | # include <fcntl.h> | |
50 | #endif | |
51 | #ifdef HAVE_PATHS_H | |
52 | # include <paths.h> | |
53 | #endif | |
54 | #ifndef _PATH_TTY | |
00f97e5a DS |
55 | /* Native win32 apps don't know about /dev/tty but can print directly |
56 | to the console using "CONOUT$" */ | |
57 | #if defined (_WIN32) && !defined (__CYGWIN__) | |
902c7559 | 58 | #define WIN32_LEAN_AND_MEAN |
adebb6e7 | 59 | #include <windows.h> |
ca47576a | 60 | #include <wincrypt.h> |
00f97e5a DS |
61 | # define _PATH_TTY "CONOUT$" |
62 | #else | |
77008252 JJ |
63 | # define _PATH_TTY "/dev/tty" |
64 | #endif | |
00f97e5a | 65 | #endif |
77008252 JJ |
66 | #ifdef HAVE_SYSLOG_H |
67 | # include <syslog.h> | |
68 | #endif | |
69 | ||
70 | void *__stack_chk_guard = 0; | |
71 | ||
72 | static void __attribute__ ((constructor)) | |
73 | __guard_setup (void) | |
74 | { | |
75 | unsigned char *p; | |
77008252 JJ |
76 | |
77 | if (__stack_chk_guard != 0) | |
78 | return; | |
79 | ||
adebb6e7 GK |
80 | #if defined (_WIN32) && !defined (__CYGWIN__) |
81 | HCRYPTPROV hprovider = 0; | |
82 | if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL, | |
83 | CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) | |
84 | { | |
85 | if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard), | |
86 | (BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0) | |
87 | { | |
88 | CryptReleaseContext(hprovider, 0); | |
89 | return; | |
90 | } | |
91 | CryptReleaseContext(hprovider, 0); | |
92 | } | |
93 | #else | |
5738fe88 | 94 | int fd = open ("/dev/urandom", O_RDONLY); |
77008252 JJ |
95 | if (fd != -1) |
96 | { | |
97 | ssize_t size = read (fd, &__stack_chk_guard, | |
98 | sizeof (__stack_chk_guard)); | |
99 | close (fd); | |
100 | if (size == sizeof(__stack_chk_guard) && __stack_chk_guard != 0) | |
101 | return; | |
102 | } | |
103 | ||
adebb6e7 | 104 | #endif |
77008252 JJ |
105 | /* If a random generator can't be used, the protector switches the guard |
106 | to the "terminator canary". */ | |
107 | p = (unsigned char *) &__stack_chk_guard; | |
108 | p[sizeof(__stack_chk_guard)-1] = 255; | |
109 | p[sizeof(__stack_chk_guard)-2] = '\n'; | |
110 | p[0] = 0; | |
111 | } | |
112 | ||
113 | static void | |
114 | fail (const char *msg1, size_t msg1len, const char *msg3) | |
115 | { | |
116 | #ifdef __GNU_LIBRARY__ | |
117 | extern char * __progname; | |
118 | #else | |
119 | static const char __progname[] = ""; | |
120 | #endif | |
121 | int fd; | |
122 | ||
123 | /* Print error message directly to the tty. This avoids Bad Things | |
124 | happening if stderr is redirected. */ | |
125 | fd = open (_PATH_TTY, O_WRONLY); | |
126 | if (fd != -1) | |
127 | { | |
128 | static const char msg2[] = " terminated\n"; | |
129 | size_t progname_len, len; | |
130 | char *buf, *p; | |
131 | ||
132 | progname_len = strlen (__progname); | |
133 | len = msg1len + progname_len + sizeof(msg2)-1 + 1; | |
134 | p = buf = alloca (len); | |
135 | ||
136 | memcpy (p, msg1, msg1len); | |
137 | p += msg1len; | |
138 | memcpy (p, __progname, progname_len); | |
139 | p += progname_len; | |
140 | memcpy (p, msg2, sizeof(msg2)); | |
141 | ||
142 | while (len > 0) | |
143 | { | |
144 | ssize_t wrote = write (fd, buf, len); | |
145 | if (wrote < 0) | |
146 | break; | |
147 | buf += wrote; | |
148 | len -= wrote; | |
149 | } | |
150 | close (fd); | |
151 | } | |
152 | ||
153 | #ifdef HAVE_SYSLOG_H | |
154 | /* Only send the error to syslog if there was no tty available. */ | |
155 | else | |
b32f3fef | 156 | syslog (LOG_CRIT, "%s", msg3); |
77008252 JJ |
157 | #endif /* HAVE_SYSLOG_H */ |
158 | ||
159 | /* Try very hard to exit. Note that signals may be blocked preventing | |
160 | the first two options from working. The use of volatile is here to | |
161 | prevent optimizers from "knowing" that __builtin_trap is called first, | |
162 | and that it doesn't return, and so "obviously" the rest of the code | |
163 | is dead. */ | |
164 | { | |
165 | volatile int state; | |
166 | for (state = 0; ; state++) | |
167 | switch (state) | |
168 | { | |
169 | case 0: | |
170 | __builtin_trap (); | |
171 | break; | |
172 | case 1: | |
173 | *(volatile int *)-1L = 0; | |
174 | break; | |
175 | case 2: | |
176 | _exit (127); | |
177 | break; | |
178 | } | |
179 | } | |
180 | } | |
181 | ||
182 | void | |
183 | __stack_chk_fail (void) | |
184 | { | |
185 | const char *msg = "*** stack smashing detected ***: "; | |
186 | fail (msg, strlen (msg), "stack smashing detected: terminated"); | |
187 | } | |
188 | ||
189 | void | |
190 | __chk_fail (void) | |
191 | { | |
192 | const char *msg = "*** buffer overflow detected ***: "; | |
193 | fail (msg, strlen (msg), "buffer overflow detected: terminated"); | |
194 | } | |
195 | ||
196 | #ifdef HAVE_HIDDEN_VISIBILITY | |
197 | void | |
198 | __attribute__((visibility ("hidden"))) | |
199 | __stack_chk_fail_local (void) | |
200 | { | |
201 | __stack_chk_fail (); | |
202 | } | |
203 | #endif |