RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 16:32:45 +00:00
Code Issues Activity Actions
serenity/Libraries/LibC/cxxabi.cpp
Brian Gianforcaro 06da50afc7 Build + LibC: Enable -fstack-protector-strong in user space 
Modify the user mode runtime to insert stack canaries to find stack corruptions.

The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.

Details:

    -fstack-protector enables stack protection for vulnerable functions that contain:

    * A character array larger than 8 bytes.
    * An 8-bit integer array larger than 8 bytes.
    * A call to alloca() with either a variable size or a constant size bigger than 8 bytes.

    -fstack-protector-strong enables stack protection for vulnerable functions that contain:

    * An array of any size and type.
    * A call to alloca().
    * A local variable that has its address taken.

Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
2021-01-02 11:34:55 +01:00

89 lines
3.3 KiB
C++
Raw Blame History

/*
* Copyright (c) 2019-2020, Andrew Kaster <andrewdkaster@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/internals.h>
//#define GLOBAL_DTORS_DEBUG
extern "C" {
struct __exit_entry {
AtExitFunction method;
void* parameter;
void* dso_handle;
bool has_been_called;
};
static __exit_entry __exit_entries[1024] {};
static int __exit_entry_count = 0;
int __cxa_atexit(AtExitFunction exit_function, void* parameter, void* dso_handle)
{
if (__exit_entry_count >= 1024)
return -1;
__exit_entries[__exit_entry_count++] = { exit_function, parameter, dso_handle, false };
return 0;
}
void __cxa_finalize(void* dso_handle)
{
// From the itanium abi, https://itanium-cxx-abi.github.io/cxx-abi/abi.html#dso-dtor-runtime-api
//
// When __cxa_finalize(d) is called, it should walk the termination function list, calling each in turn
// if d matches __dso_handle for the termination function entry. If d == NULL, it should call all of them.
// Multiple calls to __cxa_finalize shall not result in calling termination function entries multiple times;
// the implementation may either remove entries or mark them finished.
int entry_index = __exit_entry_count;
#ifdef GLOBAL_DTORS_DEBUG
dbgprintf("__cxa_finalize: %d entries in the finalizer list\n", entry_index);
#endif
while (--entry_index >= 0) {
auto& exit_entry = __exit_entries[entry_index];
bool needs_calling = !exit_entry.has_been_called && (!dso_handle || dso_handle == exit_entry.dso_handle);
if (needs_calling) {
#ifdef GLOBAL_DTORS_DEBUG
dbgprintf("__cxa_finalize: calling entry[%d] %p(%p) dso: %p\n", entry_index, exit_entry.method, exit_entry.parameter, exit_entry.dso_handle);
#endif
exit_entry.method(exit_entry.parameter);
exit_entry.has_been_called = true;
}
}
}
[[noreturn]] void __cxa_pure_virtual()
{
ASSERT_NOT_REACHED();
}
} // extern "C"
Reference in a new issue View git blame Copy permalink