protect stack canary from leak via read-as-string by zeroing second byte - mirror/musl

diff options

author	jvoisin <julien.voisin@dustri.org>	2021-12-13 21:05:19 +0100
committer	Rich Felker <dalias@aerifal.cx>	2022-03-08 16:52:25 -0500
commit	74a28a8af21977ebbc2945beb879f1b9b6ff13ba (patch)
tree	bdd571f09e938573bae3a579dc2f0e817b0c805a /src/unistd/nice.c
parent	7c0c7a75ec8ecf3eedefc40bb4dae5aaa76d7108 (diff)
download	musl-74a28a8af21977ebbc2945beb879f1b9b6ff13ba.tar.gz musl-74a28a8af21977ebbc2945beb879f1b9b6ff13ba.tar.xz musl-74a28a8af21977ebbc2945beb879f1b9b6ff13ba.zip

protect stack canary from leak via read-as-string by zeroing second byte

This reduces entropy of the canary from 64-bit to 56-bit in exchange
for mitigating non-terminated C string overflows by setting the second
byte of the canary to nul, so that off-by-one write overflow with a
nul byte can still be detected.

Idea from GrapheneOS bionic commit 7024d880b51f03a796ff8832f1298f2f1531fd7b

Diffstat (limited to 'src/unistd/nice.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: