This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Return address checking for buffer overflow exploit


I had an idea, I'm not sure how practical it would be to implement, but....

On functions which allocate arrays on the stack, have the option of inserting return address checking. This should be effective because it works "pre-exploit."

The idea is that one of the ways an exploit gains control is to send data which overwrites the return address and thus transfers control to foreign code. On functions with return address checking, this would cause the program to assert and fail.

If some compiler flag is set, i.e. --with-return-address-checking, functions which declare an automatic array will add one more invisible automatic variable below all the arrays, which contains either a checksum or the actual return address. Upon return, this variable is checked against the intended return address; if they are not the same, an assert error is raised and the program exits.


This could be implemented with varying degrees, i.e. every function could check the return address or only functions with automatic arrays. Pragmas can also be used to force certain functions either to have or not have the checking.

#pragma check_return_address
#pragma nocheck_return_address


What do you guys think?
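The following C program is an added illustration of the scheme proposed above; it is not part of the original message and is not GCC code. It models the frame of a function with an automatic array as a struct laid out the way the proposal describes (array lowest, the added guard variable directly above it, the saved return address above that), runs an unbounded copy into the array, and then performs the epilogue check. Both variants from the message are covered: the guard as a plain copy of the return address (key == 0) and the guard as a checksum, here simply the return address XORed with a per-process key. The return address 0x401234, the attacker target 0x0badc0de, the key value and all inputs are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the frame of a function that declares an automatic array, laid
 * out as on a downward-growing stack: the array lowest, the guard variable
 * the proposal adds directly above it, the saved return address above that.
 * An overrun of buf therefore runs into guard first and then into ret. */
struct frame {
    unsigned char buf[16];   /* the automatic array */
    uintptr_t guard;         /* the added "invisible" automatic variable */
    uintptr_t ret;           /* the saved return address */
};

/* Prologue: record the return address in the guard slot. key == 0 gives the
 * proposal's "actual return address" variant; a non-zero key unknown to the
 * attacker is a cheap form of its "checksum" variant. */
static void frame_enter(struct frame *f, uintptr_t ret, uintptr_t key)
{
    memset(f->buf, 0, sizeof f->buf);
    f->guard = ret ^ key;
    f->ret = ret;
}

/* The defect being defended against: a copy into buf with no bound. The
 * length is clamped to the frame so the simulation stays within defined
 * behaviour, but bytes 16.. land in guard and ret just as in a real overflow. */
static void frame_unbounded_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, src, n);   /* buf is at offset 0, so this starts at buf */
}

/* Epilogue: the inserted check. 1 = return normally, 0 = assert and exit. */
static int frame_leave_ok(const struct frame *f, uintptr_t key)
{
    return (f->guard ^ key) == f->ret;
}

/* One call: enter the frame, perform the unbounded copy, run the check. */
static int run_scenario(const unsigned char *in, size_t n, uintptr_t key)
{
    struct frame f;
    const uintptr_t legit_ret = 0x401234;   /* constructed, not a real address */
    frame_enter(&f, legit_ret, key);
    frame_unbounded_copy(&f, in, n);
    return frame_leave_ok(&f, key);
}

/* Constructed input 1: a well-behaved caller whose data fits in the array. */
int demo_benign(uintptr_t key)
{
    const unsigned char in[8] = "hello";
    return run_scenario(in, sizeof in, key);
}

/* Constructed input 2: a sloppy overflow that smashes guard and ret with
 * different bytes. Both variants of the check catch this. */
int demo_garbage_overflow(uintptr_t key)
{
    unsigned char in[sizeof(struct frame)];
    for (size_t i = 0; i < sizeof in; i++)
        in[i] = (unsigned char)i;
    return run_scenario(in, sizeof in, key);
}

/* Constructed input 3: a crafted exploit that fills the array and writes
 * the chosen target into both the guard slot and the return slot. The plain
 * copy-of-return-address check passes, because the two slots still agree;
 * the keyed check fails it, since guard ^ key == ret needs the key. */
int demo_crafted_overflow(uintptr_t key)
{
    unsigned char in[sizeof(struct frame)];
    const uintptr_t target = 0x0badc0de;   /* constructed attacker target */
    memset(in, 'A', sizeof in);
    memcpy(in + offsetof(struct frame, guard), &target, sizeof target);
    memcpy(in + offsetof(struct frame, ret), &target, sizeof target);
    return run_scenario(in, sizeof in, key);
}

int main(void)
{
    /* In a real implementation the key would be chosen at random per process. */
    const uintptr_t key = (uintptr_t)0x2f1e3d4c5b6a7988ULL;
    const char *variant[] = { "return-address copy", "keyed checksum" };
    for (int i = 0; i < 2; i++) {
        uintptr_t k = i ? key : 0;
        printf("%-20s benign=%d garbage=%d crafted=%d  (1=returns, 0=aborts)\n",
               variant[i], demo_benign(k), demo_garbage_overflow(k),
               demo_crafted_overflow(k));
    }
    return 0;
}
```

The third input is the caveat a reviewer of the proposal would raise: a guard that is a plain copy of the return address is fully predictable, so an attacker who overruns both slots with the same target value passes the check. The checksum variant only helps if the value mixed in is unknown to the attacker; GCC's later -fstack-protector takes that route, placing a random per-process canary between the arrays and the saved registers rather than a copy of the return address.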



