libssp/ssp.c

   1 /* Stack protector support.
   2    Copyright (C) 2005 Free Software Foundation, Inc.
   3
   4 This file is part of GCC.
   5
   6 GCC is free software; you can redistribute it and/or modify it under
   7 the terms of the GNU General Public License as published by the Free
   8 Software Foundation; either version 2, or (at your option) any later
   9 version.
  10
  11 In addition to the permissions in the GNU General Public License, the
  12 Free Software Foundation gives you unlimited permission to link the
  13 compiled version of this file into combinations with other programs,
  14 and to distribute those combinations without any restriction coming
  15 from the use of this file.  (The General Public License restrictions
  16 do apply in other respects; for example, they cover modification of
  17 the file, and distribution when not linked into a combine
  18 executable.)
  19
  20 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
  21 WARRANTY; without even the implied warranty of MERCHANTABILITY or
  22 FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  23 for more details.
  24
  25 You should have received a copy of the GNU General Public License
  26 along with GCC; see the file COPYING.  If not, write to the Free
  27 Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA
  28 02110-1301, USA.  */
  29
  30 /* As a special exception, if you link this library with files compiled with
  31    GCC to produce an executable, this does not cause the resulting executable
  32    to be covered by the GNU General Public License. This exception does not
  33    however invalidate any other reasons why the executable file might be
  34    covered by the GNU General Public License.  */
  35
  36 #include "config.h"
  37 #ifdef HAVE_ALLOCA_H
  38 # include <alloca.h>
  39 #endif
  40 #ifdef HAVE_STRING_H
  41 # include <string.h>
  42 #endif
  43 #ifdef HAVE_UNISTD_H
  44 # include <unistd.h>
  45 #endif
  46 #ifdef HAVE_FCNTL_H
  47 # include <fcntl.h>
  48 #endif
  49 #ifdef HAVE_PATHS_H
  50 # include <paths.h>
  51 #endif
  52 #ifndef _PATH_TTY
  53 /* Native win32 apps don't know about /dev/tty but can print directly
  54    to the console using  "CONOUT$"   */
  55 #if defined (_WIN32) && !defined (__CYGWIN__)
  56 # define _PATH_TTY "CONOUT$"
  57 #else
  58 # define _PATH_TTY "/dev/tty"
  59 #endif
  60 #endif
  61 #ifdef HAVE_SYSLOG_H
  62 # include <syslog.h>
  63 #endif
  64
  65 void *__stack_chk_guard = 0;
  66
  67 static void __attribute__ ((constructor))
  68 __guard_setup (void)
  69 {
  70   unsigned char *p;
  71   int fd;
  72
  73   if (__stack_chk_guard != 0)
  74     return;
  75
  76   fd = open ("/dev/urandom", O_RDONLY);
  77   if (fd != -1)
  78     {
  79       ssize_t size = read (fd, &__stack_chk_guard,
  80                            sizeof (__stack_chk_guard));
  81       close (fd);
  82       if (size == sizeof(__stack_chk_guard) && __stack_chk_guard != 0)
  83         return;
  84     }
  85
  86   /* If a random generator can't be used, the protector switches the guard
  87      to the "terminator canary".  */
  88   p = (unsigned char *) &__stack_chk_guard;
  89   p[sizeof(__stack_chk_guard)-1] = 255;
  90   p[sizeof(__stack_chk_guard)-2] = '\n';
  91   p[0] = 0;
  92 }
  93
  94 static void
  95 fail (const char *msg1, size_t msg1len, const char *msg3)
  96 {
  97 #ifdef __GNU_LIBRARY__
  98   extern char * __progname;
  99 #else
 100   static const char __progname[] = "";
 101 #endif
 102   int fd;
 103
 104   /* Print error message directly to the tty.  This avoids Bad Things
 105      happening if stderr is redirected.  */
 106   fd = open (_PATH_TTY, O_WRONLY);
 107   if (fd != -1)
 108     {
 109       static const char msg2[] = " terminated\n";
 110       size_t progname_len, len;
 111       char *buf, *p;
 112
 113       progname_len = strlen (__progname);
 114       len = msg1len + progname_len + sizeof(msg2)-1 + 1;
 115       p = buf = alloca (len);
 116
 117       memcpy (p, msg1, msg1len);
 118       p += msg1len;
 119       memcpy (p, __progname, progname_len);
 120       p += progname_len;
 121       memcpy (p, msg2, sizeof(msg2));
 122
 123       while (len > 0)
 124         {
 125           ssize_t wrote = write (fd, buf, len);
 126           if (wrote < 0)
 127             break;
 128           buf += wrote;
 129           len -= wrote;
 130         }
 131       close (fd);
 132     }
 133
 134 #ifdef HAVE_SYSLOG_H
 135   /* Only send the error to syslog if there was no tty available.  */
 136   else
 137     syslog (LOG_CRIT, msg3);
 138 #endif /* HAVE_SYSLOG_H */
 139
 140   /* Try very hard to exit.  Note that signals may be blocked preventing
 141      the first two options from working.  The use of volatile is here to
 142      prevent optimizers from "knowing" that __builtin_trap is called first,
 143      and that it doesn't return, and so "obviously" the rest of the code
 144      is dead.  */
 145   {
 146     volatile int state;
 147     for (state = 0; ; state++)
 148       switch (state)
 149         {
 150         case 0:
 151           __builtin_trap ();
 152           break;
 153         case 1:
 154           *(volatile int *)-1L = 0;
 155           break;
 156         case 2:
 157           _exit (127);
 158           break;
 159         }
 160   }
 161 }
 162
 163 void
 164 __stack_chk_fail (void)
 165 {
 166   const char *msg = "*** stack smashing detected ***: ";
 167   fail (msg, strlen (msg), "stack smashing detected: terminated");
 168 }
 169
 170 void
 171 __chk_fail (void)
 172 {
 173   const char *msg = "*** buffer overflow detected ***: ";
 174   fail (msg, strlen (msg), "buffer overflow detected: terminated");
 175 }
 176
 177 #ifdef HAVE_HIDDEN_VISIBILITY
 178 void
 179 __attribute__((visibility ("hidden")))
 180 __stack_chk_fail_local (void)
 181 {
 182   __stack_chk_fail ();
 183 }
 184 #endif