This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>, Chris Metcalf <cmetcalf at tilera dot com>, David Miller <davem at davemloft dot net>, Mike Frysinger <vapier at gentoo dot org>
- Cc: Andreas Schwab <schwab at suse dot de>, "Joseph S. Myers" <joseph at codesourcery dot com>, Ismael Ripoll <iripoll at disca dot upv dot es>, Hector Marco <hecmargi at upv dot es>, Siddhesh Poyarekar <siddhesh at redhat dot com>, Andreas Jaeger <aj at suse dot com>
- Date: Mon, 23 Sep 2013 01:46:48 -0400
- Subject: Re: [PATCH] BZ #15754: CVE-2013-4788 (v3)
- References: <51E8EDF2 dot 40204 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1307191644090 dot 9428 at digraph dot polyomino dot org dot uk> <51EC3044 dot 4080509 at redhat dot com> <mvmeha5ed9r dot fsf at hawking dot suse dot de> <5202AD5B dot 40105 at redhat dot com> <523FC842 dot 7040909 at redhat dot com>
On 09/23/2013 12:49 AM, Carlos O'Donell wrote:
> I would appreciate it if machine maintainers ran the testsuite
> and tweaked the offsets appropriately if they are not correct.
One problem I didn't notice.
> diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
> index ababf65..77408c6 100644
> --- a/sysdeps/generic/stackguard-macros.h
> +++ b/sysdeps/generic/stackguard-macros.h
> @@ -2,3 +2,6 @@
>
> extern uintptr_t __stack_chk_guard;
> #define STACK_CHK_GUARD __stack_chk_guard
> +
> +extern uintptr_t __pointer_chk_guard_local;
> +#define POINTER_CHK_GUARD __pointer_chk_guard_local
I failed to notice the non-static regression for
tst-ptrguard1.
On ARM it's __pointer_chk_guard in the dynamic case, and
__pointer_chk_guard_local in the static case. This is done
on purpose. I guess we could change the name of the variable
in csu/libc-start.c, but I think it's useful to have it remain
*_local to mirror the similar internal name in elf/rtld.c.
I've applied this fix. Both the dynamic and static tests pass now.
There should be no regressions.
2013-09-23 Carlos O'Donell <carlos@redhat.com>
[BZ #15754]
* sysdeps/generic/stackguard-macros.h: If PTRGUARD_LOCAL use
__pointer_chk_guard_local, otherwise __pointer_chk_guard.
* elf/Makefile: Define CFLAGS-tst-ptrguard1-static.c.
diff --git a/elf/Makefile b/elf/Makefile
index cb8da93..27d249b 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -1019,6 +1019,9 @@ tst-stackguard1-ARGS = --command "$(host-test-program-cmd) --child"
tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child"
tst-ptrguard1-ARGS = --command "$(host-test-program-cmd) --child"
+# When built statically, the pointer guard interface uses
+# __pointer_chk_guard_local.
+CFLAGS-tst-ptrguard1-static.c = -DPTRGUARD_LOCAL
tst-ptrguard1-static-ARGS = --command "$(objpfx)tst-ptrguard1-static --child"
$(objpfx)tst-leaks1: $(libdl)
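Review bot: The comment added above `CFLAGS-tst-ptrguard1-static.c` documents only the static half of the rule, so someone reading elf/Makefile cannot tell which symbol the dynamic tst-ptrguard1 reads or where `PTRGUARD_LOCAL` is consumed. Suggest extending the comment to say that the dynamic test uses `__pointer_chk_guard` and that the define selects the symbol in sysdeps/generic/stackguard-macros.h. Since the flag is attached to a single test source, any other static test that later uses `POINTER_CHK_GUARD` needs its own CFLAGS line, which is worth stating in the same comment.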
diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
index 4fa3d96..b4a6b23 100644
--- a/sysdeps/generic/stackguard-macros.h
+++ b/sysdeps/generic/stackguard-macros.h
@@ -3,5 +3,10 @@
extern uintptr_t __stack_chk_guard;
#define STACK_CHK_GUARD __stack_chk_guard
+#ifdef PTRGUARD_LOCAL
extern uintptr_t __pointer_chk_guard_local;
-#define POINTER_CHK_GUARD __pointer_chk_guard_local
+# define POINTER_CHK_GUARD __pointer_chk_guard_local
+#else
+extern uintptr_t __pointer_chk_guard;
+# define POINTER_CHK_GUARD __pointer_chk_guard
+#endif
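Review bot: `PTRGUARD_LOCAL` appears at the new `#ifdef` with no comment in the header, and leaving it undefined silently selects `__pointer_chk_guard`. Going by the description in this message, the static case uses `__pointer_chk_guard_local`, so a static consumer that includes this header without `-DPTRGUARD_LOCAL` would reference the wrong symbol and the mistake would only surface when the test is built or run. Suggest a short comment above the `#ifdef` naming who is expected to define the macro (the per-test CFLAGS in elf/Makefile) and which symbol each branch maps to, with a pointer to csu/libc-start.c and elf/rtld.c as the places the two names come from.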
---
Cheers,
Carlos.