This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.25-782-g422ff87

From: hjl at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 24 Jul 2017 13:09:38 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.25-782-g422ff87

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  422ff87c249ddc06701d096421db63343e4754be (commit)
      from  55703fcace89b53d7f41f7d85ede50571da2bcc8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=422ff87c249ddc06701d096421db63343e4754be

commit 422ff87c249ddc06701d096421db63343e4754be
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 24 06:06:08 2017 -0700

    Avoid accessing corrupted stack from __stack_chk_fail [BZ #21752]
    
    __libc_argv[0] points to address on stack and __libc_secure_getenv
    accesses environment variables which are on stack.  We should avoid
    accessing stack when stack is corrupted.
    
    This patch also renames function argument in __fortify_fail_abort
    from do_backtrace to need_backtrace to avoid confusion with do_backtrace
    from enum __libc_message_action.
    
    	[BZ #21752]
    	* debug/fortify_fail.c (__fortify_fail_abort): Don't pass down
    	__libc_argv[0] if we aren't doing backtrace.  Rename do_backtrace
    	to need_backtrace.
    	* sysdeps/posix/libc_fatal.c (__libc_message): Don't call
    	__libc_secure_getenv if we aren't doing backtrace.

diff --git a/ChangeLog b/ChangeLog
index 6f1fb54..7da4510 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-07-24  H.J. Lu  <hongjiu.lu@intel.com>
+
+	[BZ #21752]
+	* debug/fortify_fail.c (__fortify_fail_abort): Don't pass down
+	__libc_argv[0] if we aren't doing backtrace.  Rename do_backtrace
+	to need_backtrace.
+	* sysdeps/posix/libc_fatal.c (__libc_message): Don't call
+	__libc_secure_getenv if we aren't doing backtrace.
+
 2017-07-24  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #21804]
diff --git a/debug/fortify_fail.c b/debug/fortify_fail.c
index c90d384..a0777ae 100644
--- a/debug/fortify_fail.c
+++ b/debug/fortify_fail.c
@@ -24,13 +24,17 @@ extern char **__libc_argv attribute_hidden;
 
 void
 __attribute__ ((noreturn)) internal_function
-__fortify_fail_abort (_Bool do_backtrace, const char *msg)
+__fortify_fail_abort (_Bool need_backtrace, const char *msg)
 {
-  /* The loop is added only to keep gcc happy.  */
+  /* The loop is added only to keep gcc happy.  Don't pass down
+     __libc_argv[0] if we aren't doing backtrace since __libc_argv[0]
+     may point to the corrupted stack.  */
   while (1)
-    __libc_message (do_backtrace ? (do_abort | do_backtrace) : do_abort,
+    __libc_message (need_backtrace ? (do_abort | do_backtrace) : do_abort,
 		    "*** %s ***: %s terminated\n",
-		    msg, __libc_argv[0] ?: "<unknown>");
+		    msg,
+		    (need_backtrace && __libc_argv[0] != NULL
+		     ? __libc_argv[0] : "<unknown>"));
 }
 
 void
diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
index 25af8bd..c918919 100644
--- a/sysdeps/posix/libc_fatal.c
+++ b/sysdeps/posix/libc_fatal.c
@@ -75,11 +75,16 @@ __libc_message (enum __libc_message_action action, const char *fmt, ...)
   FATAL_PREPARE;
 #endif
 
-  /* Open a descriptor for /dev/tty unless the user explicitly
-     requests errors on standard error.  */
-  const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
-  if (on_2 == NULL || *on_2 == '\0')
-    fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
+  /* Don't call __libc_secure_getenv if we aren't doing backtrace, which
+     may access the corrupted stack.  */
+  if ((action & do_backtrace))
+    {
+      /* Open a descriptor for /dev/tty unless the user explicitly
+	 requests errors on standard error.  */
+      const char *on_2 = __libc_secure_getenv ("LIBC_FATAL_STDERR_");
+      if (on_2 == NULL || *on_2 == '\0')
+	fd = open_not_cancel_2 (_PATH_TTY, O_RDWR | O_NOCTTY | O_NDELAY);
+    }
 
   if (fd == -1)
     fd = STDERR_FILENO;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                  |    9 +++++++++
 debug/fortify_fail.c       |   12 ++++++++----
 sysdeps/posix/libc_fatal.c |   15 ++++++++++-----
 3 files changed, 27 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]