1 /* Copyright (C) 2005-2022 Free Software Foundation, Inc.
2    This file is part of the GNU C Library.
3 
4    The GNU C Library is free software; you can redistribute it and/or
5    modify it under the terms of the GNU Lesser General Public
6    License as published by the Free Software Foundation; either
7    version 2.1 of the License, or (at your option) any later version.
8 
9    The GNU C Library is distributed in the hope that it will be useful,
10    but WITHOUT ANY WARRANTY; without even the implied warranty of
11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12    Lesser General Public License for more details.
13 
14    You should have received a copy of the GNU Lesser General Public
15    License along with the GNU C Library; if not, see
16    <https://www.gnu.org/licenses/>.  */
17 
18 #include <errno.h>
19 #include <getopt.h>
20 #include <stdbool.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <sys/wait.h>
25 #include <stackguard-macros.h>
26 #include <tls.h>
27 #include <unistd.h>
28 
29 static const char *command;
30 static bool child;
31 static uintptr_t stack_chk_guard_copy;
32 static bool stack_chk_guard_copy_set;
33 static int fds[2];
34 
35 static void __attribute__ ((constructor))
con(void)36 con (void)
37 {
38   stack_chk_guard_copy = STACK_CHK_GUARD;
39   stack_chk_guard_copy_set = true;
40 }
41 
42 static int
uintptr_t_cmp(const void * a,const void * b)43 uintptr_t_cmp (const void *a, const void *b)
44 {
45   if (*(uintptr_t *) a < *(uintptr_t *) b)
46     return 1;
47   if (*(uintptr_t *) a > *(uintptr_t *) b)
48     return -1;
49   return 0;
50 }
51 
52 static int
do_test(void)53 do_test (void)
54 {
55   if (!stack_chk_guard_copy_set)
56     {
57       puts ("constructor has not been run");
58       return 1;
59     }
60 
61   if (stack_chk_guard_copy != STACK_CHK_GUARD)
62     {
63       puts ("STACK_CHK_GUARD changed between constructor and do_test");
64       return 1;
65     }
66 
67   if (child)
68     {
69       write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy));
70       return 0;
71     }
72 
73   if (command == NULL)
74     {
75       puts ("missing --command or --child argument");
76       return 1;
77     }
78 
79 #define N 16
80   uintptr_t child_stack_chk_guards[N + 1];
81   child_stack_chk_guards[N] = stack_chk_guard_copy;
82   int i;
83   for (i = 0; i < N; ++i)
84     {
85       if (pipe (fds) < 0)
86 	{
87 	  printf ("couldn't create pipe: %m\n");
88 	  return 1;
89 	}
90 
91       pid_t pid = fork ();
92       if (pid < 0)
93 	{
94 	  printf ("fork failed: %m\n");
95 	  return 1;
96 	}
97 
98       if (!pid)
99 	{
100 	  if (stack_chk_guard_copy != STACK_CHK_GUARD)
101 	    {
102 	      puts ("STACK_CHK_GUARD changed after fork");
103 	      exit (1);
104 	    }
105 
106 	  close (fds[0]);
107 	  close (2);
108 	  dup2 (fds[1], 2);
109 	  close (fds[1]);
110 
111 	  system (command);
112 	  exit (0);
113 	}
114 
115       close (fds[1]);
116 
117       if (TEMP_FAILURE_RETRY (read (fds[0], &child_stack_chk_guards[i],
118 				    sizeof (uintptr_t))) != sizeof (uintptr_t))
119 	{
120 	  puts ("could not read stack_chk_guard value from child");
121 	  return 1;
122 	}
123 
124       close (fds[0]);
125 
126       pid_t termpid;
127       int status;
128       termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
129       if (termpid == -1)
130 	{
131 	  printf ("waitpid failed: %m\n");
132 	  return 1;
133 	}
134       else if (termpid != pid)
135 	{
136 	  printf ("waitpid returned %ld != %ld\n",
137 		  (long int) termpid, (long int) pid);
138 	  return 1;
139 	}
140       else if (!WIFEXITED (status) || WEXITSTATUS (status))
141 	{
142 	  puts ("child hasn't exited with exit status 0");
143 	  return 1;
144 	}
145     }
146 
147   qsort (child_stack_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp);
148 
149   uintptr_t default_guard = 0;
150   unsigned char *p = (unsigned char *) &default_guard;
151   p[sizeof (uintptr_t) - 1] = 255;
152   p[sizeof (uintptr_t) - 2] = '\n';
153   p[0] = 0;
154 
155   /* Test if the stack guard canaries are either randomized,
156      or equal to the default stack guard canary value.
157      Even with randomized stack guards it might happen
158      that the random number generator generates the same
159      values, but if that happens in more than half from
160      the 16 runs, something is very wrong.  */
161   int ndifferences = 0;
162   int ndefaults = 0;
163   for (i = 0; i < N; ++i)
164     {
165       if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1])
166 	ndifferences++;
167       else if (child_stack_chk_guards[i] == default_guard)
168 	ndefaults++;
169     }
170 
171   printf ("differences %d defaults %d\n", ndifferences, ndefaults);
172 
173   if (ndifferences < N / 2 && ndefaults < N / 2)
174     {
175       puts ("stack guard canaries are not randomized enough");
176       puts ("nor equal to the default canary value");
177       return 1;
178     }
179 
180   return 0;
181 }
182 
183 #define OPT_COMMAND	10000
184 #define OPT_CHILD	10001
185 #define CMDLINE_OPTIONS	\
186   { "command", required_argument, NULL, OPT_COMMAND },  \
187   { "child", no_argument, NULL, OPT_CHILD },
188 
189 static void __attribute__((used))
cmdline_process_function(int c)190 cmdline_process_function (int c)
191 {
192   switch (c)
193     {
194       case OPT_COMMAND:
195         command = optarg;
196         break;
197       case OPT_CHILD:
198         child = true;
199         break;
200     }
201 }
202 #define CMDLINE_PROCESS	cmdline_process_function
203 
204 #include <support/test-driver.c>
205