BZ #15754: CVE-2013-4788

The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value.
author: Carlos O'Donell <carlos@redhat.com> 2013-09-23 00:52:09 -0400
committer: Carlos O'Donell <carlos@redhat.com> 2013-09-23 00:52:09 -0400
commit: c61b4d41c9647a54a329aa021341c0eb032b793e (patch)
tree: c4a665c232a7d37786a6f3b5e3f56d0ae11480e8 /sysdeps/x86_64
parent: 58a96064d193317236b740998e134b652d3d62ad (diff)
download: glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.gz
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.xz
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/sysdeps/x86_64/stackguard-macros.h b/sysdeps/x86_64/stackguard-macros.h
index d7fedb3737..1948800cd0 100644
--- a/sysdeps/x86_64/stackguard-macros.h
+++ b/sysdeps/x86_64/stackguard-macros.h
@@ -4,3 +4,8 @@
   ({ uintptr_t x;						\
      asm ("mov %%fs:%c1, %0" : "=r" (x)				\
 	  : "i" (offsetof (tcbhead_t, stack_guard))); x; })
+
+#define POINTER_CHK_GUARD \
+  ({ uintptr_t x;						\
+     asm ("mov %%fs:%c1, %0" : "=r" (x)				\
+	  : "i" (offsetof (tcbhead_t, pointer_guard))); x; })
author	Carlos O'Donell <carlos@redhat.com>	2013-09-23 00:52:09 -0400
committer	Carlos O'Donell <carlos@redhat.com>	2013-09-23 00:52:09 -0400
commit	c61b4d41c9647a54a329aa021341c0eb032b793e (patch)
tree	c4a665c232a7d37786a6f3b5e3f56d0ae11480e8 /sysdeps/x86_64
parent	58a96064d193317236b740998e134b652d3d62ad (diff)
download	glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.gz glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.xz glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.zip