ensure canary is setup if stack-prot libs are dlopen'd into non-ssp app
previously, this usage could lead to a crash if the thread pointer was
still uninitialized, and otherwise would just cause the canary to be
zero (less secure).
diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c
index c6d0feb..eac852b 100644
--- a/src/env/__stack_chk_fail.c
+++ b/src/env/__stack_chk_fail.c
@@ -14,7 +14,8 @@
for (i=0; auxv[i] && auxv[i]!=AT_RANDOM; i+=2);
if (auxv[i]) memcpy(&canary, (void *)auxv[i+1], sizeof canary);
else canary = (uintptr_t)&canary * 1103515245;
- __stack_chk_guard = self->canary = canary;
+ a_cas_l(&__stack_chk_guard, 0, canary);
+ self->canary = __stack_chk_guard;
}
void __stack_chk_fail(void)
diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index d7d6800..6ffda49 100644
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -81,6 +81,7 @@
static jmp_buf rtld_fail;
static pthread_rwlock_t lock;
static struct debug debug;
+static size_t *auxv;
struct debug *_dl_debug_addr = &debug;
@@ -603,7 +604,7 @@
void *__dynlink(int argc, char **argv)
{
- size_t *auxv, aux[AUX_CNT] = {0};
+ size_t aux[AUX_CNT] = {0};
size_t i;
Phdr *phdr;
Ehdr *ehdr;
@@ -838,6 +839,8 @@
p->global = 1;
}
+ if (ssp_used) __init_ssp(auxv);
+
_dl_debug_state();
do_init_fini(tail);