authorGeorg Koppen <gk@torproject.org>2015-02-10 01:44:08 +0000
committerJeff Law <law@redhat.com>2015-02-10 01:44:08 +0000
commit528d0caad6819380b2bca844b7a802853f86fa6b (patch)
tree39c5991cbcd01a490e24d4ab4f3dfb455aa5485f /libssp
parent02e82266399c77c4d5d11f527f6d1c0cd9b9f433 (diff)
* ssp.c (__guard_setup): For Windows, use approved
methods to get a suitable random number for the stack check guard rather than reading /dev/random. git-svn-id: https://gcc.gnu.org/svn/gcc/trunk@220559 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libssp')
-rw-r--r--libssp/ChangeLog7
-rw-r--r--libssp/ssp.c16
2 files changed, 23 insertions, 0 deletions
diff --git a/libssp/ChangeLog b/libssp/ChangeLog
index d1580a37e98..843992ebdb8 100644
--- a/libssp/ChangeLog
+++ b/libssp/ChangeLog
@@ -1,3 +1,10 @@
+2015-02-09 Georg Koppen <gk@torproject.org>
+
+ * ssp.c: Conditionally include <windows.h>
+ (__guard_setup): For Windows, use approved methods to get
+ a suitable random number for the stack check guard rather
+ than reading /dev/random.
+
2015-01-22 Matthias Klose <doko@ubuntu.com>
* gets-chk.c: Declare prototype for gets in C11 mode.
diff --git a/libssp/ssp.c b/libssp/ssp.c
index 96adf17ce3f..38e3ec83f6b 100644
--- a/libssp/ssp.c
+++ b/libssp/ssp.c
@@ -55,6 +55,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
/* Native win32 apps don't know about /dev/tty but can print directly
to the console using "CONOUT$" */
#if defined (_WIN32) && !defined (__CYGWIN__)
+#include <windows.h>
# define _PATH_TTY "CONOUT$"
#else
# define _PATH_TTY "/dev/tty"
@@ -75,6 +76,20 @@ __guard_setup (void)
if (__stack_chk_guard != 0)
return;
+#if defined (_WIN32) && !defined (__CYGWIN__)
+ HCRYPTPROV hprovider = 0;
+ if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ {
+ if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
+ (BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0)
+ {
+ CryptReleaseContext(hprovider, 0);
+ return;
+ }
+ CryptReleaseContext(hprovider, 0);
+ }
+#else
fd = open ("/dev/urandom", O_RDONLY);
if (fd != -1)
{
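Review bot: The Windows branch added to `__guard_setup` has no comment, and neither the flag choice on the `CryptAcquireContext` call nor the `__stack_chk_guard != 0` test on the `CryptGenRandom` line explains itself. Above `HCRYPTPROV hprovider = 0;` I would add `/* CRYPT_VERIFYCONTEXT: no persisted key container is needed to draw random bytes; CRYPT_SILENT: never show UI. A zero result is rejected because the early return above treats a nonzero guard as already set up. */`. The comment should also state that any failure here falls through past `#endif` to the terminator canary, which is a fixed byte pattern rather than a secret, and that this downgrade happens without any diagnostic. As a smaller style point, the two `CryptReleaseContext(hprovider, 0);` calls could become one by saving the `CryptGenRandom` result in a local before releasing. The function's declarations and the fallback code lie outside this hunk, so whether the fallback rewrites every byte of the guard after a failed call cannot be confirmed from here.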
@@ -85,6 +100,7 @@ __guard_setup (void)
return;
}
+#endif
/* If a random generator can't be used, the protector switches the guard
to the "terminator canary". */
p = (unsigned char *) &__stack_chk_guard;