Page MenuHomeFreeBSD
Files F150449779

D1080.id2226.diff
No OneTemporary
Actions

D1080.id2226.diff
View Options

Index: sys/amd64/linux/linux.h
===================================================================
--- sys/amd64/linux/linux.h
+++ sys/amd64/linux/linux.h
@@ -100,7 +100,7 @@
#define LINUX_NAME_MAX 255
#define LINUX_CTL_MAXNAME 10
-#define LINUX_AT_COUNT 17 /* Count of used aux entry types. */
+#define LINUX_AT_COUNT 19 /* Count of used aux entry types. */
struct l___sysctl_args
{
Index: sys/amd64/linux/linux_sysvec.c
===================================================================
--- sys/amd64/linux/linux_sysvec.c
+++ sys/amd64/linux/linux_sysvec.c
@@ -319,6 +319,9 @@
AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid);
AUXARGS_ENTRY(pos, LINUX_AT_SECURE, 0);
AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform));
+ AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary);
+ if (imgp->execpathp != 0)
+ AUXARGS_ENTRY(pos, LINUX_AT_EXECFN, imgp->execpathp);
if (args->execfd != -1)
AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
AUXARGS_ENTRY(pos, AT_NULL, 0);
@@ -345,16 +348,39 @@
char *stringp, *destp;
register_t *stack_base;
struct ps_strings *arginfo;
+ char canary[LINUX_AT_RANDOM_LEN];
+ size_t execpath_len;
struct proc *p;
/*
* Calculate string base and vector table pointers.
*/
+ if (imgp->execpath != NULL && imgp->auxargs != NULL)
+ execpath_len = strlen(imgp->execpath) + 1;
+ else
+ execpath_len = 0;
+
p = imgp->proc;
arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
destp = (caddr_t)arginfo - SPARE_USRSPACE -
+ roundup(sizeof(canary), sizeof(char *)) -
+ roundup(execpath_len, sizeof(char *)) -
roundup((ARG_MAX - imgp->args->stringspace), sizeof(char *));
+ if (execpath_len != 0) {
+ imgp->execpathp = (uintptr_t)arginfo - execpath_len;
+ copyout(imgp->execpath, (void *)imgp->execpathp, execpath_len);
+ }
+
+ /*
+ * Prepare the canary for SSP.
+ */
+ arc4rand(canary, sizeof(canary), 0);
+ imgp->canary = (uintptr_t)arginfo -
+ roundup(execpath_len, sizeof(char *)) -
+ roundup(sizeof(canary), sizeof(char *));
+ copyout(canary, (void *)imgp->canary, sizeof(canary));
+
/*
* If we have a valid auxargs ptr, prepare some room
* on the stack.
Index: sys/amd64/linux32/linux.h
===================================================================
--- sys/amd64/linux32/linux.h
+++ sys/amd64/linux32/linux.h
@@ -110,7 +110,7 @@
/*
* Miscellaneous
*/
-#define LINUX_AT_COUNT 18 /* Count of used aux entry types.
+#define LINUX_AT_COUNT 20 /* Count of used aux entry types.
* Keep this synchronized with
* elf_linux_fixup() code.
*/
Index: sys/amd64/linux32/linux32_sysvec.c
===================================================================
--- sys/amd64/linux32/linux32_sysvec.c
+++ sys/amd64/linux32/linux32_sysvec.c
@@ -289,6 +289,9 @@
AUXARGS_ENTRY_32(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
AUXARGS_ENTRY_32(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid);
AUXARGS_ENTRY_32(pos, LINUX_AT_PLATFORM, PTROUT(linux_platform));
+ AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, PTROUT(imgp->canary));
+ if (imgp->execpathp != 0)
+ AUXARGS_ENTRY(pos, LINUX_AT_EXECFN, PTROUT(imgp->execpathp));
if (args->execfd != -1)
AUXARGS_ENTRY_32(pos, AT_EXECFD, args->execfd);
AUXARGS_ENTRY_32(pos, AT_NULL, 0);
@@ -869,14 +872,37 @@
char *stringp, *destp;
u_int32_t *stack_base;
struct linux32_ps_strings *arginfo;
+ char canary[LINUX_AT_RANDOM_LEN];
+ size_t execpath_len;
/*
* Calculate string base and vector table pointers.
*/
+ if (imgp->execpath != NULL && imgp->auxargs != NULL)
+ execpath_len = strlen(imgp->execpath) + 1;
+ else
+ execpath_len = 0;
+
arginfo = (struct linux32_ps_strings *)LINUX32_PS_STRINGS;
destp = (caddr_t)arginfo - SPARE_USRSPACE -
+ roundup(sizeof(canary), sizeof(char *)) -
+ roundup(execpath_len, sizeof(char *)) -
roundup((ARG_MAX - imgp->args->stringspace), sizeof(char *));
+ if (execpath_len != 0) {
+ imgp->execpathp = (uintptr_t)arginfo - execpath_len;
+ copyout(imgp->execpath, (void *)imgp->execpathp, execpath_len);
+ }
+
+ /*
+ * Prepare the canary for SSP.
+ */
+ arc4rand(canary, sizeof(canary), 0);
+ imgp->canary = (uintptr_t)arginfo -
+ roundup(execpath_len, sizeof(char *)) -
+ roundup(sizeof(canary), sizeof(char *));
+ copyout(canary, (void *)imgp->canary, sizeof(canary));
+
/*
* If we have a valid auxargs ptr, prepare some room
* on the stack.
Index: sys/compat/linux/linux_misc.h
===================================================================
--- sys/compat/linux/linux_misc.h
+++ sys/compat/linux/linux_misc.h
@@ -70,10 +70,13 @@
#define LINUX_AT_BASE_PLATFORM 24 /* string identifying real platform, may
* differ from AT_PLATFORM.
*/
+#define LINUX_AT_RANDOM 25 /* address of random bytes */
#define LINUX_AT_EXECFN 31 /* filename of program */
#define LINUX_AT_SYSINFO 32 /* vsyscall */
#define LINUX_AT_SYSINFO_EHDR 33 /* vdso header */
+#define LINUX_AT_RANDOM_LEN 16 /* size of random bytes */
+
/* Linux sets the i387 to extended precision. */
#if defined(__i386__) || defined(__amd64__)
#define __LINUX_NPXCW__ 0x37f
Index: sys/i386/linux/linux.h
===================================================================
--- sys/i386/linux/linux.h
+++ sys/i386/linux/linux.h
@@ -104,7 +104,7 @@
/*
* Miscellaneous
*/
-#define LINUX_AT_COUNT 18 /* Count of used aux entry types.
+#define LINUX_AT_COUNT 20 /* Count of used aux entry types.
* Keep this synchronized with
* elf_linux_fixup() code.
*/
Index: sys/i386/linux/linux_sysvec.c
===================================================================
--- sys/i386/linux/linux_sysvec.c
+++ sys/i386/linux/linux_sysvec.c
@@ -298,6 +298,9 @@
AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_ucred->cr_rgid);
AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_ucred->cr_svgid);
AUXARGS_ENTRY(pos, LINUX_AT_PLATFORM, PTROUT(uplatform));
+ AUXARGS_ENTRY(pos, LINUX_AT_RANDOM, imgp->canary);
+ if (imgp->execpathp != 0)
+ AUXARGS_ENTRY(pos, LINUX_AT_EXECFN, imgp->execpathp);
if (args->execfd != -1)
AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
AUXARGS_ENTRY(pos, AT_NULL, 0);
@@ -321,14 +324,22 @@
char *stringp, *destp;
register_t *stack_base;
struct ps_strings *arginfo;
+ char canary[LINUX_AT_RANDOM_LEN];
+ size_t execpath_len;
struct proc *p;
/*
* Calculate string base and vector table pointers.
*/
p = imgp->proc;
+ if (imgp->execpath != NULL && imgp->auxargs != NULL)
+ execpath_len = strlen(imgp->execpath) + 1;
+ else
+ execpath_len = 0;
arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
destp = (caddr_t)arginfo - SPARE_USRSPACE - linux_szplatform -
+ roundup(sizeof(canary), sizeof(char *)) -
+ roundup(execpath_len, sizeof(char *)) -
roundup((ARG_MAX - imgp->args->stringspace), sizeof(char *));
/*
@@ -337,6 +348,21 @@
copyout(linux_kplatform, ((caddr_t)arginfo - linux_szplatform),
linux_szplatform);
+ if (execpath_len != 0) {
+ imgp->execpathp = (uintptr_t)arginfo -
+ linux_szplatform - execpath_len;
+ copyout(imgp->execpath, (void *)imgp->execpathp, execpath_len);
+ }
+
+ /*
+ * Prepare the canary for SSP.
+ */
+ arc4rand(canary, sizeof(canary), 0);
+ imgp->canary = (uintptr_t)arginfo - linux_szplatform -
+ roundup(execpath_len, sizeof(char *)) -
+ roundup(sizeof(canary), sizeof(char *));
+ copyout(canary, (void *)imgp->canary, sizeof(canary));
+
/*
* If we have a valid auxargs ptr, prepare some room
* on the stack.

File Metadata

Mime Type
text/plain
Expires
Thu, Apr 2, 7:37 AM (13 h, 13 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
30714220
Default Alt Text
D1080.id2226.diff (7 KB)

Event Timeline