[thirdparty/gcc.git] / libssp / ssp.c

/* Stack protector support.
   Copyright (C) 2005-2023 Free Software Foundation, Inc.

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.

In addition to the permissions in the GNU General Public License, the
Free Software Foundation gives you unlimited permission to link the
compiled version of this file into combinations with other programs,
and to distribute those combinations without any restriction coming
from the use of this file.  (The General Public License restrictions
do apply in other respects; for example, they cover modification of
the file, and distribution when not linked into a combine
executable.)

GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
for more details.

Under Section 7 of GPL version 3, you are granted additional
permissions described in the GCC Runtime Library Exception, version
3.1, as published by the Free Software Foundation.

You should have received a copy of the GNU General Public License and
a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
<http://www.gnu.org/licenses/>.  */


#include "config.h"
#ifdef HAVE_ALLOCA_H
# include <alloca.h>
#endif
#ifdef HAVE_MALLOC_H
# include <malloc.h>
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#ifndef _PATH_TTY
/* Native win32 apps don't know about /dev/tty but can print directly
   to the console using  "CONOUT$"   */
#if defined (_WIN32) && !defined (__CYGWIN__)
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <wincrypt.h>
# define _PATH_TTY "CONOUT$"
#else
# define _PATH_TTY "/dev/tty"
#endif
#endif
#ifdef HAVE_SYSLOG_H
# include <syslog.h>
#endif

void *__stack_chk_guard = 0;

static void __attribute__ ((constructor))
__guard_setup (void)
{
  unsigned char *p;

  if (__stack_chk_guard != 0)
    return;

#if defined (_WIN32) && !defined (__CYGWIN__)
  HCRYPTPROV hprovider = 0;
  if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
    {
      if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
          (BYTE *)&__stack_chk_guard) &&  __stack_chk_guard != 0)
        {
           CryptReleaseContext(hprovider, 0);
           return;
        }
      CryptReleaseContext(hprovider, 0);
    }
#else
  int fd = open ("/dev/urandom", O_RDONLY);
  if (fd != -1)
    {
      ssize_t size = read (fd, &__stack_chk_guard,
                           sizeof (__stack_chk_guard));
      close (fd);
      if (size == sizeof(__stack_chk_guard) && __stack_chk_guard != 0)
        return;
    }

#endif
  /* If a random generator can't be used, the protector switches the guard
     to the "terminator canary".  */
  p = (unsigned char *) &__stack_chk_guard;
  p[sizeof(__stack_chk_guard)-1] = 255;
  p[sizeof(__stack_chk_guard)-2] = '\n';
  p[0] = 0;
}

static void
fail (const char *msg1, size_t msg1len, const char *msg3)
{
#ifdef __GNU_LIBRARY__
  extern char * __progname;
#else
  static const char __progname[] = "";
#endif
  int fd;

  /* Print error message directly to the tty.  This avoids Bad Things
     happening if stderr is redirected.  */
  fd = open (_PATH_TTY, O_WRONLY);
  if (fd != -1)
    {
      static const char msg2[] = " terminated\n";
      size_t progname_len, len;
      char *buf, *p;

      progname_len = strlen (__progname);
      len = msg1len + progname_len + sizeof(msg2)-1 + 1;
      p = buf = alloca (len);

      memcpy (p, msg1, msg1len);
      p += msg1len;
      memcpy (p, __progname, progname_len);
      p += progname_len;
      memcpy (p, msg2, sizeof(msg2));

      while (len > 0)
        {
          ssize_t wrote = write (fd, buf, len);
          if (wrote < 0)
            break;
          buf += wrote;
          len -= wrote;
        }
      close (fd);
    }

#ifdef HAVE_SYSLOG_H
  /* Only send the error to syslog if there was no tty available.  */
  else
    syslog (LOG_CRIT, "%s", msg3);
#endif /* HAVE_SYSLOG_H */

  /* Try very hard to exit.  Note that signals may be blocked preventing
     the first two options from working.  The use of volatile is here to
     prevent optimizers from "knowing" that __builtin_trap is called first,
     and that it doesn't return, and so "obviously" the rest of the code
     is dead.  */
  {
    volatile int state;
    for (state = 0; ; state++)
      switch (state)
        {
        case 0:
          __builtin_trap ();
          break;
        case 1:
          *(volatile int *)-1L = 0;
          break;
        case 2:
          _exit (127);
          break;
        }
  }
}

void
__stack_chk_fail (void)
{
  const char *msg = "*** stack smashing detected ***: ";
  fail (msg, strlen (msg), "stack smashing detected: terminated");
}

void
__chk_fail (void)
{
  const char *msg = "*** buffer overflow detected ***: ";
  fail (msg, strlen (msg), "buffer overflow detected: terminated");
}

#ifdef HAVE_HIDDEN_VISIBILITY
void
__attribute__((visibility ("hidden")))
__stack_chk_fail_local (void)
{
  __stack_chk_fail ();
}
#endif
Commit	Line	Data
77008252	1	/* Stack protector support.
83ffe9cd	2	Copyright (C) 2005-2023 Free Software Foundation, Inc.
77008252 JJ	3
	4	This file is part of GCC.
	5
	6	GCC is free software; you can redistribute it and/or modify it under
	7	the terms of the GNU General Public License as published by the Free
748086b7	8	Software Foundation; either version 3, or (at your option) any later
77008252 JJ	9	version.
	10
	11	In addition to the permissions in the GNU General Public License, the
	12	Free Software Foundation gives you unlimited permission to link the
	13	compiled version of this file into combinations with other programs,
	14	and to distribute those combinations without any restriction coming
	15	from the use of this file. (The General Public License restrictions
	16	do apply in other respects; for example, they cover modification of
	17	the file, and distribution when not linked into a combine
	18	executable.)
	19
	20	GCC is distributed in the hope that it will be useful, but WITHOUT ANY
	21	WARRANTY; without even the implied warranty of MERCHANTABILITY or
	22	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	23	for more details.
	24
748086b7 JJ	25	Under Section 7 of GPL version 3, you are granted additional
	26	permissions described in the GCC Runtime Library Exception, version
	27	3.1, as published by the Free Software Foundation.
	28
	29	You should have received a copy of the GNU General Public License and
	30	a copy of the GCC Runtime Library Exception along with this program;
	31	see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
	32	<http://www.gnu.org/licenses/>. */
77008252	33
77008252 JJ	34
	35	#include "config.h"
	36	#ifdef HAVE_ALLOCA_H
	37	# include <alloca.h>
	38	#endif
266aa805 OS	39	#ifdef HAVE_MALLOC_H
	40	# include <malloc.h>
	41	#endif
77008252 JJ	42	#ifdef HAVE_STRING_H
	43	# include <string.h>
	44	#endif
	45	#ifdef HAVE_UNISTD_H
	46	# include <unistd.h>
	47	#endif
	48	#ifdef HAVE_FCNTL_H
	49	# include <fcntl.h>
	50	#endif
	51	#ifdef HAVE_PATHS_H
	52	# include <paths.h>
	53	#endif
	54	#ifndef _PATH_TTY
00f97e5a DS	55	/* Native win32 apps don't know about /dev/tty but can print directly
	56	to the console using "CONOUT$" */
	57	#if defined (_WIN32) && !defined (__CYGWIN__)
902c7559	58	#define WIN32_LEAN_AND_MEAN
adebb6e7	59	#include <windows.h>
ca47576a	60	#include <wincrypt.h>
00f97e5a DS	61	# define _PATH_TTY "CONOUT$"
00f97e5a DS	62	#else
77008252 JJ	63	# define _PATH_TTY "/dev/tty"
77008252 JJ	64	#endif
00f97e5a	65	#endif
77008252 JJ	66	#ifdef HAVE_SYSLOG_H
	67	# include <syslog.h>
	68	#endif
	69
	70	void *__stack_chk_guard = 0;
	71
	72	static void __attribute__ ((constructor))
	73	__guard_setup (void)
	74	{
	75	unsigned char *p;
77008252 JJ	76
	77	if (__stack_chk_guard != 0)
	78	return;
	79
adebb6e7 GK	80	#if defined (_WIN32) && !defined (__CYGWIN__)
	81	HCRYPTPROV hprovider = 0;
	82	if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
	83	CRYPT_VERIFYCONTEXT \| CRYPT_SILENT))
	84	{
	85	if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
	86	(BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0)
	87	{
	88	CryptReleaseContext(hprovider, 0);
	89	return;
	90	}
	91	CryptReleaseContext(hprovider, 0);
	92	}
	93	#else
5738fe88	94	int fd = open ("/dev/urandom", O_RDONLY);
77008252 JJ	95	if (fd != -1)
	96	{
	97	ssize_t size = read (fd, &__stack_chk_guard,
	98	sizeof (__stack_chk_guard));
	99	close (fd);
	100	if (size == sizeof(__stack_chk_guard) && __stack_chk_guard != 0)
	101	return;
	102	}
	103
adebb6e7	104	#endif
77008252 JJ	105	/* If a random generator can't be used, the protector switches the guard
	106	to the "terminator canary". */
	107	p = (unsigned char *) &__stack_chk_guard;
	108	p[sizeof(__stack_chk_guard)-1] = 255;
	109	p[sizeof(__stack_chk_guard)-2] = '\n';
	110	p[0] = 0;
	111	}
	112
	113	static void
	114	fail (const char msg1, size_t msg1len, const char msg3)
	115	{
	116	#ifdef __GNU_LIBRARY__
	117	extern char * __progname;
	118	#else
	119	static const char __progname[] = "";
	120	#endif
	121	int fd;
	122
	123	/* Print error message directly to the tty. This avoids Bad Things
	124	happening if stderr is redirected. */
	125	fd = open (_PATH_TTY, O_WRONLY);
	126	if (fd != -1)
	127	{
	128	static const char msg2[] = " terminated\n";
	129	size_t progname_len, len;
	130	char buf, p;
	131
	132	progname_len = strlen (__progname);
	133	len = msg1len + progname_len + sizeof(msg2)-1 + 1;
	134	p = buf = alloca (len);
	135
	136	memcpy (p, msg1, msg1len);
	137	p += msg1len;
	138	memcpy (p, __progname, progname_len);
	139	p += progname_len;
	140	memcpy (p, msg2, sizeof(msg2));
	141
	142	while (len > 0)
	143	{
	144	ssize_t wrote = write (fd, buf, len);
	145	if (wrote < 0)
	146	break;
	147	buf += wrote;
	148	len -= wrote;
	149	}
	150	close (fd);
	151	}
	152
	153	#ifdef HAVE_SYSLOG_H
	154	/* Only send the error to syslog if there was no tty available. */
	155	else
b32f3fef	156	syslog (LOG_CRIT, "%s", msg3);
77008252 JJ	157	#endif /* HAVE_SYSLOG_H */
	158
	159	/* Try very hard to exit. Note that signals may be blocked preventing
	160	the first two options from working. The use of volatile is here to
	161	prevent optimizers from "knowing" that __builtin_trap is called first,
	162	and that it doesn't return, and so "obviously" the rest of the code
	163	is dead. */
	164	{
	165	volatile int state;
	166	for (state = 0; ; state++)
	167	switch (state)
	168	{
	169	case 0:
	170	__builtin_trap ();
	171	break;
	172	case 1:
	173	(volatile int )-1L = 0;
	174	break;
	175	case 2:
	176	_exit (127);
	177	break;
	178	}
	179	}
	180	}
	181
	182	void
	183	__stack_chk_fail (void)
	184	{
	185	const char msg = " stack smashing detected *: ";
	186	fail (msg, strlen (msg), "stack smashing detected: terminated");
	187	}
	188
	189	void
	190	__chk_fail (void)
	191	{
	192	const char msg = " buffer overflow detected *: ";
	193	fail (msg, strlen (msg), "buffer overflow detected: terminated");
	194	}
	195
	196	#ifdef HAVE_HIDDEN_VISIBILITY
	197	void
	198	__attribute__((visibility ("hidden")))
	199	__stack_chk_fail_local (void)
	200	{
	201	__stack_chk_fail ();
	202	}
	203	#endif