In the original ProPolice that the gcc 4.1 stack smash protection was derived
from, a stack smash would illicit a message similar to:
*** Stack smashing detected in function vuln() in source file net.c!!! Aborted
Examining the current source, the following code exists:
void
__stack_chk_fail (void)
{
const char *msg = "*** stack smashing detected ***: ";
fail (msg, strlen (msg), "stack smashing detected: terminated");
}
This winds out with:
*** stack smashing detected ***: ./usr/lib/foxsrt/test/ssp_smash terminated
Unfortunately it seems this now can't be (cleanly) fixed without breaking
existing stack smash protected code. The only way to allow old behavior is to
add ANOTHER external function to libssp. One possible would be:
void
__stack_chk_fail2 (char *fctn, char *srcfile, void *damage)
{
const char *msg = "*** stack smashing detected ***:";
/*Allocate: "%s %s:%s (damage: 0x%p) ",msg,srcfile,fctn,damage*/
int msg2len = strlen (msg) + strlen (fctn)
+ strlen (srcfile) + sizeof(void*)*2 + 17;
char *msg2 = alloca (msg2len);
snprintf (msg2, msg2len, "%s %s:%s (damage: 0x%p) ",
msg, srcfile, fctn, damage);
/* Not necessary, assuming %p doesn't spit out extra characters...*/
msg2[msg2len - 1] = '\0';
fail (msg2, strlen (msg2), "stack smashing detected: terminated");
}
The emitted code would then have to call the following in case of a detected
stack smash:
__stack_chk_fail2(__FUNC__, __FILE__, __guard);
Where __FUNC__ is the function name, __FILE__ is the source file, and __guard
is the canary value in the function (which is now damaged).
The nice thing about doing something like this is that the programmer does not
have to pull out a debugger and try to reproduce stack smashing scenarios and
do a stack trace to figure out where the bug is. This is especially helpful
when an end user produces a bug report, because the bug report can say right
there, "Stack smash in bad_code.c:vuln_function()" and the programmer can go
right there and look through everything that the buffer is passed to and
everything he does with it to see what he messed up.
The overhead of this is an extra reference to __FILE__ and __FUNC__, which may
be generated inline or point to existing copies of those strings in the object.
The cost at runtime is only seen when a stack smash occurs. Total, the
program should get a few bytes bigger (if alignment doesn't fuzz that out) and
shouldn't run any slower, so nobody should care.
--
Summary: Stack smash protection non-verbose
Product: gcc
Version: 4.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: nigelenki at comcast dot net
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28328
