This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



[PATCH] libssp should not use /dev/random on Windows


Hi,

inline is a patch to avoid using /dev/random on Windows in ssp.c. If it
is getting used there might be a local malicious process supplying fake
random values (e.g. via C:\dev\random) rendering SSP useless.

Comments/review are much appreciated. The patch is against the 4.9 branch:

From 372698ef051b776cc30e9ebd2aac7291c19ff506 Mon Sep 17 00:00:00 2001
From: Erinn Clark <erinn@torproject.org>
Date: Wed, 12 Mar 2014 16:09:10 +0100
Subject: [PATCH] Don't use /dev/random on Windows, because it is not a
thing.
 Apart from that some process might be able to supply fake
 random data with e.g. c:\dev\urandom rendering SSP useless.

This patch was written by skruffy, thanks!
---
 libssp/ssp.c |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libssp/ssp.c b/libssp/ssp.c
index 96adf17..38e3ec8 100644
--- a/libssp/ssp.c
+++ b/libssp/ssp.c
@@ -55,6 +55,7 @@ see the files COPYING3 and COPYING.RUNTIME
respectively.  If not, see
 /* Native win32 apps don't know about /dev/tty but can print directly
    to the console using  "CONOUT$"   */
 #if defined (_WIN32) && !defined (__CYGWIN__)
+#include <windows.h>
 # define _PATH_TTY "CONOUT$"
 #else
 # define _PATH_TTY "/dev/tty"
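Review bot: The added `#include <windows.h>` sits under the comment that explains `CONOUT$`, and it lacks the space after `#` that the neighbouring `# define _PATH_TTY` lines use inside this `#if`. Write it as `# include <windows.h>` and add a short comment saying the header is needed for the Crypt* calls in `__guard_setup`, so the reason for it stays clear if the TTY handling changes. If `WIN32_LEAN_AND_MEAN` is ever defined for this file, `windows.h` will no longer pull in the CryptoAPI declarations, so including `<wincrypt.h>` explicitly after it is the safer form.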
@@ -75,6 +76,20 @@ __guard_setup (void)
   if (__stack_chk_guard != 0)
     return;

+#if defined (_WIN32) && !defined (__CYGWIN__)
+  HCRYPTPROV hprovider = 0;
+  if (CryptAcquireContext(&hprovider, NULL, NULL, PROV_RSA_FULL,
+                          CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+    {
+      if (CryptGenRandom(hprovider, sizeof (__stack_chk_guard),
+          (BYTE *)&__stack_chk_guard) &&  __stack_chk_guard != 0)
+        {
+           CryptReleaseContext(hprovider, 0);
+           return;
+        }
+      CryptReleaseContext(hprovider, 0);
+    }
+#else
   fd = open ("/dev/urandom", O_RDONLY);
   if (fd != -1)
     {
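Review bot: In the `_WIN32` branch, `HCRYPTPROV hprovider = 0;` is declared after the `if (__stack_chk_guard != 0) return;` statement, which puts a declaration in the middle of the function body. Move it to the top of `__guard_setup` beside the other locals, or open a braced block for the Windows path. The new calls also omit the space before the opening parenthesis that the surrounding code uses (`open ("/dev/urandom", O_RDONLY)`), so write `CryptAcquireContext (`, `CryptGenRandom (` and `CryptReleaseContext (`, and align the continuation `(BYTE *)&__stack_chk_guard` under the first argument. With the `open` path now inside `#else`, `fd` is not assigned on Windows in these lines, so check that it does not draw an unused-variable warning there.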
@@ -85,6 +100,7 @@ __guard_setup (void)
         return;
     }

+#endif
   /* If a random generator can't be used, the protector switches the guard
      to the "terminator canary".  */
   p = (unsigned char *) &__stack_chk_guard;
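Review bot: The added `#endif` closes a conditional that opened some 25 lines earlier with `#if defined (_WIN32) && !defined (__CYGWIN__)` and has an `#else` in between, so it should carry a comment naming the condition, for example `#endif /* _WIN32 && !__CYGWIN__ */`. Placing it directly after the closing brace of the `/dev/urandom` block, before the blank line, would also keep the terminator-canary fallback that both branches share visually separate from the conditional.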
-- 
1.7.10.4

Georg
