This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/12189] __stack_chk_fail should not attempt a backtrace (CVE-2010-3192)

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Tue, 11 Jul 2017 10:36:42 +0000
Subject: [Bug libc/12189] __stack_chk_fail should not attempt a backtrace (CVE-2010-3192)
Auto-submitted: auto-generated
References: <bug-12189-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=12189

--- Comment #18 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, hjl/pr12189 has been created
        at  58b69898e9adecefe85c1a421d287a800d974f1b (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=58b69898e9adecefe85c1a421d287a800d974f1b

commit 58b69898e9adecefe85c1a421d287a800d974f1b
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 10 14:14:27 2017 -0700

    Replace int with bool in __fortify_fail_abort

        * debug/fortify_fail.c (__fortify_fail_abort): Replace int with
        bool.
        (__fortify_fail): Pass false to __fortify_fail_abort.
        * debug/stack_chk_fail.c (__stack_chk_fail): Pass true to
        __fortify_fail_abort.
        * include/stdio.h: Include <stdbool.h>l
        (__fortify_fail_abort): Replace int with bool.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=37900e7dee18a446afda1b9e9831cd3d331f2a4f

commit 37900e7dee18a446afda1b9e9831cd3d331f2a4f
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Mon Jul 10 12:21:39 2017 -0700

    Avoid backtrace from __stack_chk_fail [BZ #12189]

    __stack_chk_fail is called on corrupted stack.  __stack_chk_fail should
    use as little stack as possible.  __libc_message is extended to avoid
    calling BEFORE_ABORT when do_abort >= 3 and __fortify_fail_abort is
    added to avoid backtrace from __stack_chk_fail.

        [BZ #12189]
        * debug/Makefile (CFLAGS-tst-ssp-1.c): New.
        (tests): Add tst-ssp-1 if -fstack-protector works.
        * debug/fortify_fail.c (_fortify_fail_abort): New function.
        (__fortify_fail): Call _fortify_fail_abort.
        (__fortify_fail_abort): Add a hidden definition.
        * debug/stack_chk_fail.c (__stack_chk_fail): Call
        __fortify_fail_abort, instead of __fortify_fail.
        * debug/tst-ssp-1.c: New file.
        * include/stdio.h (__fortify_fail_abort): New hidden prototype.
        * sysdeps/posix/libc_fatal.c (__libc_message): Call BEFORE_ABORT
        if do_abort < 3.

-----------------------------------------------------------------------

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]