Skip to content

Commit

Permalink
Add -fstack-protector support to wasi-libc (WebAssembly#351)
Browse files Browse the repository at this point in the history 
Inlcude `__stack_chk_fail.c` and initialize `__stack_chk_guard` in ctor.

```
$ cat main.c
char input[] = "0123456789012345";
int main(void) {
    char buf[8];

    for (char *sp = input, *dp = buf; *sp != '\0'; sp++, dp++) {
        *dp = *sp;
    }
    return 0;
}

$ clang main.c -fstack-protector
$ wasmtime ./a.out
Error: failed to run main module `./a.out`

Caused by:
    0: failed to invoke command default
    1: wasm trap: wasm `unreachable` instruction executed
       wasm backtrace:
           0:  0x258 - <unknown>!__stack_chk_fail
           1:  0x21e - <unknown>!__original_main
           2:   0xca - <unknown>!_start
```
  • Loading branch information
@kateinoigakukun @john-sharratt
kateinoigakukun authored and john-sharratt committed Mar 5, 2023
1 parent a829eba commit 155cc03
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 0 deletions.
1 change: 1 addition & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,7 @@ LIBC_TOP_HALF_MUSL_SOURCES = \
fcntl/creat.c \
dirent/alphasort.c \
dirent/versionsort.c \
env/__stack_chk_fail.c \
env/clearenv.c \
env/getenv.c \
env/putenv.c \
Expand Down
27 changes: 27 additions & 0 deletions libc-top-half/musl/src/env/__stack_chk_fail.c
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
#include <string.h>
#include <stdint.h>
#if defined(__wasilibc_unmodified_upstream) || defined(_REENTRANT)
#include "pthread_impl.h"
#else
// In non-_REENTRANT, include it for `a_crash`
# include "atomic.h"
#endif

uintptr_t __stack_chk_guard;

Expand All @@ -9,7 +14,18 @@ void __init_ssp(void *entropy)
if (entropy) memcpy(&__stack_chk_guard, entropy, sizeof(uintptr_t));
else __stack_chk_guard = (uintptr_t)&__stack_chk_guard * 1103515245;

#if UINTPTR_MAX >= 0xffffffffffffffff
/* Sacrifice 8 bits of entropy on 64bit to prevent leaking/
* overwriting the canary via string-manipulation functions.
* The NULL byte is on the second byte so that off-by-ones can
* still be detected. Endianness is taken care of
* automatically. */
((char *)&__stack_chk_guard)[1] = 0;
#endif

#if defined(__wasilibc_unmodified_upstream) || defined(_REENTRANT)
__pthread_self()->canary = __stack_chk_guard;
#endif
}

void __stack_chk_fail(void)
Expand All @@ -20,3 +36,14 @@ void __stack_chk_fail(void)
hidden void __stack_chk_fail_local(void);

weak_alias(__stack_chk_fail, __stack_chk_fail_local);

#ifndef __wasilibc_unmodified_upstream
# include <wasi/api.h>

__attribute__((constructor(60)))
static void __wasilibc_init_ssp(void) {
uintptr_t entropy;
int r = __wasi_random_get((uint8_t *)&entropy, sizeof(uintptr_t));
__init_ssp(r ? NULL : &entropy);
}
#endif

0 comments on commit 155cc03

Please sign in to comment.