This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Fix default stack guard.


Hi Tom,

On Wed, Feb 15, 2012 at 05:50:09PM +0100, Tom de Vries wrote:
> The patch fixes the failing test-cases by restoring the default stack guard to
> what it was before the commit 'Make stack canary value harder to read through
> read overflow' (15a856b1090669df0aec536edbdf240e71a470ca).
> [...]
> diff --git a/sysdeps/unix/sysv/linux/dl-osinfo.h b/sysdeps/unix/sysv/linux/dl-osinfo.h
> index 874660b..780b20a 100644
> --- sysdeps/unix/sysv/linux/dl-osinfo.h
> +++ sysdeps/unix/sysv/linux/dl-osinfo.h
> @@ -84,8 +84,8 @@ _dl_setup_stack_chk_guard (void *dl_random)
>  	    return ret.num;
>  	}
>  # endif
> -      ret.bytes[filllen - 2] = 255;
> -      ret.bytes[filllen - 3] = '\n';
> +      ret.bytes[filllen] = 255;
> +      ret.bytes[filllen - 1] = '\n';
>      }
>    else
>  #endif
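Review bot: the two replacement assignments `ret.bytes[filllen] = 255;` and `ret.bytes[filllen - 1] = '\n';` carry no comment explaining what these terminator bytes are for or why the indices moved from `filllen - 2` and `filllen - 3`, and because `filllen` is computed outside the hunk a reader cannot tell from the visible context that `ret.bytes[filllen]` is the guard's last byte rather than one past it. Suggest a short comment above the assignments stating the intent (the default guard is meant to end in 0x0a 0xff, as the reply below notes) and the invariant that `filllen` indexes the final byte of `ret.bytes`, so the bounds relationship is documented next to the writes.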

Yup, agreed. This restores the original behavior of the default canary
ending with 0x0a 0xff. This is what I had in the original patch for
http://sourceware.org/bugzilla/attachment.cgi?id=3933

I think it would be nice to add some comments in this area of the code
(as in my original patch), though, since the reasoning for the behaviors
is not clear without a lot of additional knowledge.

-Kees

-- 
Kees Cook                                            @outflux.net

