반응형
stack_protector
#include <sys/param.h>
#include <sys/sysctl.h>
#include <signal.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
extern int __sysctl(int *, u_int, void *, size_t *, void *, size_t);
long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
static void __guard_setup(void) __attribute__ ((constructor));
void __stack_smash_handler(char func[], int damaged __attribute__((unused)));
static void
__guard_setup(void)
{
int mib[2];
size_t len;
if (__guard[0] != 0)
return;
mib[0] = CTL_KERN;
mib[1] = KERN_ARND;
len = sizeof(__guard);
if (__sysctl(mib, 2, __guard, &len, NULL, 0) == -1 ||
len != sizeof(__guard)) {
/* If sysctl was unsuccessful, use the "terminator canary". */
((unsigned char *)__guard)[0] = 0;
((unsigned char *)__guard)[1] = 0;
((unsigned char *)__guard)[2] = '\n';
((unsigned char *)__guard)[3] = 255;
}
}
/*ARGSUSED*/
void
__stack_smash_handler(char func[], int damaged)
{
struct syslog_data sdata = SYSLOG_DATA_INIT;
const char message[] = "stack overflow in function %s";
struct sigaction sa;
sigset_t mask;
/* Immediately block all signal handlers from running code */
sigfillset(&mask);
sigdelset(&mask, SIGABRT);
sigprocmask(SIG_BLOCK, &mask, NULL);
/* This may fail on a chroot jail... */
syslog_r(LOG_CRIT, &sdata, message, func);
bzero(&sa, sizeof(struct sigaction));
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
sa.sa_handler = SIG_DFL;
sigaction(SIGABRT, &sa, NULL);
kill(getpid(), SIGABRT);
_exit(127);
}
반응형