This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Fix default stack guard.
- From: Kees Cook <kees at outflux dot net>
- To: Tom de Vries <Tom_deVries at mentor dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 15 Feb 2012 10:57:34 -0800
- Subject: Re: Fix default stack guard.
- References: <4F3BE241.9090409@mentor.com>
Hi Tom,
On Wed, Feb 15, 2012 at 05:50:09PM +0100, Tom de Vries wrote:
> The patch fixes the failing test-cases by restoring the default stack guard to
> what it was before the commit 'Make stack canary value harder to read through
> read overflow' (15a856b1090669df0aec536edbdf240e71a470ca).
> [...]
> diff --git a/sysdeps/unix/sysv/linux/dl-osinfo.h b/sysdeps/unix/sysv/linux/dl-osinfo.h
> index 874660b..780b20a 100644
> --- sysdeps/unix/sysv/linux/dl-osinfo.h
> +++ sysdeps/unix/sysv/linux/dl-osinfo.h
> @@ -84,8 +84,8 @@ _dl_setup_stack_chk_guard (void *dl_random)
> return ret.num;
> }
> # endif
> - ret.bytes[filllen - 2] = 255;
> - ret.bytes[filllen - 3] = '\n';
> + ret.bytes[filllen] = 255;
> + ret.bytes[filllen - 1] = '\n';
> }
> else
> #endif
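Review bot: the new indices `ret.bytes[filllen]` and `ret.bytes[filllen - 1]` are only the last two bytes of the guard if `filllen` is `sizeof (ret.bytes) - 1` (an index) rather than a count of bytes filled; the hunk shows neither `filllen`'s definition nor the size of `ret.bytes`, so a comment at these two stores should say which byte positions are intended (final byte 255, the byte before it `'\n'`) and why `filllen` is a valid index. Writing the value as `0xff` next to `'\n'` would also make the terminator intent visible without the surrounding knowledge the thread mentions.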
Yup, agreed. This restores the original behavior of the default canary
ending with 0x0a 0xff. This is what I had in the original patch for
http://sourceware.org/bugzilla/attachment.cgi?id=3933
I think it would be nice to add some comments in this area of the code
(as in my original patch), though, since the reasoning for the behaviors
is not clear without a lot of additional knowledge.
-Kees
--
Kees Cook @outflux.net
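As an added C example (my own illustration, not glibc's code and not Tom's patch), here are the two store sequences from the hunk side by side with a byte-order-independent check for the 0x0a 0xff ending Kees describes. It assumes that `filllen` is `sizeof (ret.bytes) - 1` (the index of the last byte) and that `ret` starts zeroed; neither is visible in the quoted hunk, so both are labelled as assumptions in the code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Guard built the way the post-patch stores do it.
   Assumption (not shown in the hunk): filllen is sizeof (ret.bytes) - 1,
   the index of the last byte, and ret starts out zeroed. */
uintptr_t default_stack_chk_guard(void)
{
    union {
        uintptr_t num;
        unsigned char bytes[sizeof(uintptr_t)];
    } ret = { 0 };
    size_t filllen = sizeof ret.bytes - 1;   /* assumed definition */

    ret.bytes[filllen] = 255;       /* final byte in memory: 0xff */
    ret.bytes[filllen - 1] = '\n';  /* byte before it: 0x0a */
    return ret.num;
}

/* The stores as they were before the patch (the behaviour being fixed):
   the same two values, written two positions earlier. */
uintptr_t prepatch_stack_chk_guard(void)
{
    union {
        uintptr_t num;
        unsigned char bytes[sizeof(uintptr_t)];
    } ret = { 0 };
    size_t filllen = sizeof ret.bytes - 1;   /* same assumption as above */

    ret.bytes[filllen - 2] = 255;
    ret.bytes[filllen - 3] = '\n';
    return ret.num;
}

/* Inspect the in-memory byte order of a guard value (memcpy rather than
   shifting, so the check does not depend on endianness): does the guard
   end with 0x0a 0xff as the thread describes? */
int guard_ends_with_lf_ff(uintptr_t guard)
{
    unsigned char b[sizeof guard];
    memcpy(b, &guard, sizeof b);
    return b[sizeof b - 2] == '\n' && b[sizeof b - 1] == 0xff;
}

static void dump(const char *label, uintptr_t guard)
{
    unsigned char b[sizeof guard];
    memcpy(b, &guard, sizeof b);
    printf("%-9s", label);
    for (size_t i = 0; i < sizeof b; i++)
        printf(" %02x", b[i]);
    printf("   ends with 0a ff: %s\n",
           guard_ends_with_lf_ff(guard) ? "yes" : "no");
}

int main(void)
{
    dump("patched:", default_stack_chk_guard());
    dump("before:", prepatch_stack_chk_guard());
    return 0;
}
```

Running it prints the guard bytes in memory order for both variants; only the patched indices put 0x0a 0xff in the last two positions, while the pre-patch indices shift them two bytes earlier, which is the regression the test-cases caught. The choice of a newline and 0xff as the trailing bytes is the usual terminator-canary idea: line- and string-oriented reads stop at those values, so an over-read is less likely to copy the whole guard out intact.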