
LibC: Randomize the stack check cookie value on initialization

Previously we had a static stack check cookie value for LibC.
Now we randomize the cookie value on LibC initialization. This should
help make the stack check more difficult to attack (still possible, just
a bigger pain). This should also help to catch more bugs.
Brian Gianforcaro 2021-01-02 04:27:35 -08:00 committed by Andreas Kling
parent 9ec9d20e84
commit fd08c93ef5
2 changed files with 26 additions and 0 deletions


@ -33,6 +33,8 @@
extern "C" {
extern u32 __stack_chk_guard;
int main(int, char**, char**);
// Tell the compiler that this may be called from somewhere else.
@ -40,6 +42,12 @@ int _start(int argc, char** argv, char** env);
int _start(int argc, char** argv, char** env)
{
u32 original_stack_chk = __stack_chk_guard;
arc4random_buf(&__stack_chk_guard, sizeof(__stack_chk_guard));
if (__stack_chk_guard == 0)
__stack_chk_guard = original_stack_chk;
environ = env;
__environ_is_malloced = false;
@ -58,6 +66,11 @@ int _start(int argc, char** argv, char** env)
exit(status);
// We should never get here, but if we ever do, make sure to
// restore the stack guard to the value we entered _start with.
// Then we won't trigger the stack canary check on the way out.
__stack_chk_guard = original_stack_chk;
return 20150614;
}
}
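Review bot: The `if (__stack_chk_guard == 0)` fallback in the second hunk carries no comment, and its intent matters to anyone auditing the canary. `arc4random_buf` returns void, so this test cannot detect a failed entropy read; it only rejects an all-zero result, and it then reinstates the link-time value that the commit sets out to replace. I would add a comment above it such as `// Reject an all-zero cookie; fall back to the static link-time value (predictable, but non-zero).` If the zero test is also meant as a failure signal, say so explicitly, since a read that presumably leaves the guard untouched on failure would pass the test and keep the static cookie silently. The body of `_start` between the second and third hunks is not shown on this page, so whether anything there depends on the guard value cannot be confirmed here.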