git.ipfire.org Git - thirdparty/grub.git/commit
efi: Initialize canary to non-zero value
author: Glenn Washburn <development@efficientek.com>
Tue, 19 Dec 2023 05:59:59 +0000 (23:59 -0600)
committer: Daniel Kiper <daniel.kiper@oracle.com>
Wed, 20 Dec 2023 13:17:23 +0000 (14:17 +0100)
commit: e424e945c9298409e1c9b585a234d6676f3d4432
tree: 86af7b4a371009dc18f90269bf50e4373adbf7df
parent: 7c8ae7dcbd59a963130a7aaae7a7348334465f74
efi: Initialize canary to non-zero value

The canary, __stack_chk_guard, is in the BSS and so will get initialized to
zero if it is not explicitly initialized. If the UEFI firmware does not
support the RNG protocol, then the canary will not be randomized and will
be zero. This seems like a possibly easier value to write by an attacker.
Initialize canary to static random bytes, so that it is still random when
there is no RNG protocol. Set at least one byte to NUL to protect against
string buffer overflow attacks [1]. Code that writes NUL terminated strings
will terminate when a NUL is encountered in the input byte stream. So the
attacker will not be able to forge the canary by including it in the input
stream without terminating the string operation and thus limiting the
stack corruption.

[1] https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage/

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-core/kern/efi/init.c
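
The NUL-byte argument in the commit message above, shown as an added C simulation that is not part of the commit or of GRUB's code. It models a frame as a flat byte array so that nothing is actually overflowed. The layout, the canary byte values and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { BUF = 16, CAN = 8, SAVED = 8, FRAME = BUF + CAN + SAVED };
enum { DETECTED = 1, SAVED_CLOBBERED = 2 };

/* Constructed sample canaries; not the bytes chosen in the GRUB commit. */
static const unsigned char NO_NUL[CAN]   = {0x5a,0x13,0xc7,0x9e,0x41,0xb2,0x6d,0xf8};
static const unsigned char WITH_NUL[CAN] = {0x5a,0x13,0xc7,0x00,0x41,0xb2,0x6d,0xf8};

/* strcpy-like copy: stops at the first NUL in src, then writes a terminator.
   The cap exists only to keep this simulation memory-safe. */
static void string_copy(unsigned char *dst, size_t cap, const unsigned char *src)
{
  size_t i = 0;
  while (i + 1 < cap && src[i] != 0) { dst[i] = src[i]; i++; }
  dst[i] = 0;
}

/* Model a frame as [buffer | canary | saved data] and overflow the buffer with
   a string that embeds the (known, static) canary. If patch_nul is set, NUL
   bytes in the embedded copy are replaced so the string copy keeps going. */
static int simulate(const unsigned char canary[CAN], int patch_nul)
{
  unsigned char frame[FRAME], input[FRAME], clean[SAVED];
  int result = 0;
  memset(frame, 0, BUF);                      /* local buffer            */
  memcpy(frame + BUF, canary, CAN);           /* canary placed after it  */
  memset(frame + BUF + CAN, 0x11, SAVED);     /* data the canary guards  */
  memset(clean, 0x11, SAVED);
  memset(input, 'A', BUF);                    /* oversized string input  */
  memcpy(input + BUF, canary, CAN);
  memset(input + BUF + CAN, 'B', SAVED);
  input[FRAME - 1] = 0;
  for (size_t i = BUF; patch_nul && i < BUF + CAN; i++)
    if (input[i] == 0) input[i] = 0x01;

  string_copy(frame, FRAME, input);
  if (memcmp(frame + BUF, canary, CAN) != 0) result |= DETECTED;
  if (memcmp(frame + BUF + CAN, clean, SAVED) != 0) result |= SAVED_CLOBBERED;
  return result;
}

int main(void)
{
  printf("no NUL, canary embedded:      %d\n", simulate(NO_NUL, 0));
  printf("with NUL, canary embedded:    %d\n", simulate(WITH_NUL, 0));
  printf("with NUL, NUL byte replaced:  %d\n", simulate(WITH_NUL, 1));
  return 0;
}
```

A result of 2 means the guarded data changed while the canary check still passes. With a NUL byte in the canary, the string copy either stops inside the canary (0) or alters it and is detected (3).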