summary refs log tree commit diff
path: root/ports
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2013-09-23 00:52:09 -0400
committerCarlos O'Donell <carlos@redhat.com>2013-09-23 00:52:09 -0400
commitc61b4d41c9647a54a329aa021341c0eb032b793e (patch)
treec4a665c232a7d37786a6f3b5e3f56d0ae11480e8 /ports
parent58a96064d193317236b740998e134b652d3d62ad (diff)
downloadglibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.gz
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.xz
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.zip
BZ #15754: CVE-2013-4788
The pointer guard used for pointer mangling was not initialized for
static applications resulting in the security feature being disabled.
The pointer guard is now correctly initialized to a random value for
static applications. Existing static applications need to be
recompiled to take advantage of the fix.

The test tst-ptrguard1-static and tst-ptrguard1 add regression
coverage to ensure the pointer guards are sufficiently random
and initialized to a default value.
Diffstat (limited to 'ports')
-rw-r--r--ports/ChangeLog.ia645
-rw-r--r--ports/ChangeLog.tile5
-rw-r--r--ports/sysdeps/ia64/stackguard-macros.h3
-rw-r--r--ports/sysdeps/tile/stackguard-macros.h6
4 files changed, 19 insertions, 0 deletions
diff --git a/ports/ChangeLog.ia64 b/ports/ChangeLog.ia64
index efe352e6bb..272f73a1b3 100644
--- a/ports/ChangeLog.ia64
+++ b/ports/ChangeLog.ia64
@@ -1,3 +1,8 @@
+2013-09-22  Carlos O'Donell  <carlos@redhat.com>
+
+	[BZ #15754]
+	* sysdeps/ia64/stackguard-macros.h: Define POINTER_CHK_GUARD.
+
 2013-08-30   Ondřej Bílka  <neleai@seznam.cz>
 
 	* sysdeps/ia64/fpu/libm_reduce.S: Fix typos.
diff --git a/ports/ChangeLog.tile b/ports/ChangeLog.tile
index 79d15b464c..dc2e7e412d 100644
--- a/ports/ChangeLog.tile
+++ b/ports/ChangeLog.tile
@@ -1,3 +1,8 @@
+2013-09-22  Carlos O'Donell  <carlos@redhat.com>
+
+	[BZ #15754]
+	* sysdeps/tile/stackguard-macros.h: Define POINTER_CHK_GUARD.
+
 2013-09-20  Andreas Schwab  <schwab@linux-m68k.org>
 
 	* sysdeps/tile/ffs.c (__ffs): Define as hidden.
diff --git a/ports/sysdeps/ia64/stackguard-macros.h b/ports/sysdeps/ia64/stackguard-macros.h
index dc683c28c5..390729327a 100644
--- a/ports/sysdeps/ia64/stackguard-macros.h
+++ b/ports/sysdeps/ia64/stackguard-macros.h
@@ -2,3 +2,6 @@
 
 #define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("adds %0 = -16, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
diff --git a/ports/sysdeps/tile/stackguard-macros.h b/ports/sysdeps/tile/stackguard-macros.h
index 589ea2b0d8..f2e041b99b 100644
--- a/ports/sysdeps/tile/stackguard-macros.h
+++ b/ports/sysdeps/tile/stackguard-macros.h
@@ -4,11 +4,17 @@
 # if __WORDSIZE == 64
 #  define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("addi %0, tp, -16; ld %0, %0" : "=r" (x)); x; })
+#  define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("addi %0, tp, -24; ld %0, %0" : "=r" (x)); x; })
 # else
 #  define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("addi %0, tp, -8; ld4s %0, %0" : "=r" (x)); x; })
+#  define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("addi %0, tp, -12; ld4s %0, %0" : "=r" (x)); x; })
 # endif
 #else
 # define STACK_CHK_GUARD \
   ({ uintptr_t x; asm ("addi %0, tp, -8; lw %0, %0" : "=r" (x)); x; })
+# define POINTER_CHK_GUARD \
+  ({ uintptr_t x; asm ("addi %0, tp, -12; lw %0, %0" : "=r" (x)); x; })
 #endif