BZ #15754: CVE-2013-4788

The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value.
2025-07-30 22:43:12 +03:00 · 2013-09-23 00:52:09 -04:00
parent 58a96064d1
commit c61b4d41c9
19 changed files with 351 additions and 5 deletions
--- a/sysdeps/i386/stackguard-macros.h
+++ b/sysdeps/i386/stackguard-macros.h
@ -2,3 +2,11 @@

 #define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+  ({							\
+     uintptr_t x;					\
+     asm ("movl %%gs:%c1, %0" : "=r" (x)		\
+	  : "i" (offsetof (tcbhead_t, pointer_guard)));	\
+     x;							\
+   })