author | Georg Koppen <gk@torproject.org> | 2015-02-10 01:44:08 +0000 |
---|---|---|
committer | Jeff Law <law@gcc.gnu.org> | 2015-02-09 18:44:08 -0700 |
commit | adebb6e733c59da7c75051f27c47f38337d387ae (patch) | |
tree | 39c5991cbcd01a490e24d4ab4f3dfb455aa5485f /libssp | |
parent | 94a2f772f041cdbc3711aa8b7da8678fb206fa36 (diff) | |
ssp.c (__guard_setup): For Windows...
* ssp.c (__guard_setup): For Windows, use approved
methods to get a suitable random number for the stack
check guard rather than reading /dev/random.
From-SVN: r220559
Diffstat (limited to 'libssp')
-rw-r--r-- | libssp/ChangeLog | 7 | ||||
-rw-r--r-- | libssp/ssp.c | 16 |
2 files changed, 23 insertions, 0 deletions
diff --git a/libssp/ChangeLog b/libssp/ChangeLog
index d1580a37e98..843992ebdb8 100644
--- a/libssp/ChangeLog
+++ b/libssp/ChangeLog
@@ -1,3 +1,10 @@
+2015-02-09 Georg Koppen <gk@torproject.org>
+
+ * ssp.c: Conditionally include <windows.h>
+ (__guard_setup): For Windows, use approved methods to get
+ a suitable random number for the stack check guard rather
+ than reading /dev/random.
+
 2015-01-22 Matthias Klose <doko@ubuntu.com>

 * gets-chk.c: Declare prototype for gets in C11 mode.
diff --git a/libssp/ssp.c b/libssp/ssp.c
index 96adf17ce3f..38e3ec83f6b 100644
--- a/libssp/ssp.c
+++ b/libssp/ssp.c
@@ -55,6 +55,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
 /* Native win32 apps don't know about /dev/tty but can print directly to the console using "CONOUT$" */
 #if defined (_WIN32) && !defined (__CYGWIN__)
+#include <windows.h>
 # define _PATH_TTY "CONOUT$"
 #else
 # define _PATH_TTY "/dev/tty"
@@ -75,6 +76,20 @@ __guard_setup (void)
 if (__stack_chk_guard != 0)
 return;

+#if defined (_WIN32) && !defined (__CYGWIN__)
+ HCRYPTPROV hprovider = 0;
+ if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ {
+ if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
+ (BYTE *)&__stack_chk_guard) && __stack_chk_guard != 0)
+ {
+ CryptReleaseContext(hprovider, 0);
+ return;
+ }
+ CryptReleaseContext(hprovider, 0);
+ }
+#else
 fd = open ("/dev/urandom", O_RDONLY);
 if (fd != -1)
 {
@@ -85,6 +100,7 @@ __guard_setup (void)
 return;
 }

+#endif
 /* If a random generator can't be used, the protector switches the guard to the "terminator canary". */
 p = (unsigned char *) &__stack_chk_guard; |
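Review bot: When `CryptAcquireContext` or `CryptGenRandom` fails in the new `_WIN32` branch of the `@@ -75,6 +76,20 @@` hunk, control falls through `#endif` into the existing terminator-canary fallback with no trace, so the process runs with a fixed, guessable guard. That matches the `/dev/urandom` branch, but the Windows path may have more ways to fail, so a comment above the `#if` such as `/* On failure fall through to the terminator canary below; the guard is then not secret.  */` would make the downgrade explicit. The two `CryptReleaseContext` calls can also collapse into one by saving the result first: `BOOL ok = CryptGenRandom (hprovider, sizeof (__stack_chk_guard), (BYTE *) &__stack_chk_guard);`, then `CryptReleaseContext (hprovider, 0);` and `if (ok && __stack_chk_guard != 0) return;`. That form also restores the GNU space before the call parenthesis that the neighbouring `open (...)` line uses. `__guard_setup` starts above this hunk and continues past it.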