libkern stack_protector

Matthew Dillon dillon at apollo.backplane.com
Sat Jan 29 11:46:50 PST 2005


:On Fri, Jan 28, 2005 at 05:29:03PM -0500, Robert Connolly wrote:
:> Hello. In regards to your:
:> src/sys/libkern/stack_protector.c
:> 
:> You have:
:> #if BYTE_ORDER == LITTLE_ENDIAN
:> int __guard = 0x00000aff;
:> #else
:> int __guard = 0xff0a0000;
:> #endif
:> 
:> Why do you check for endianness? 
:
:Because the order of the cookie bytes changes the meaning of
:how overflowing buffers are used.
:
:Joerg
:
:> 
:> robert

    Right.  The idea of the cookie is to catch an overflow.  Catching
    an overflow means emplacing the cookie such that a one-byte overflow
    is likely to be caught.  We'd rather have a non-zero byte for the first
    byte of the overflow area rather than a zero byte.

    Why aren't all the bytes non-zero?  Because we also want the guard
    to provide at least one zero byte for string termination.  And there
    are a few other reasons too.  It's mostly inconsequential but there is
    a method behind the madness.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
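The layout argument above, worked through in C as an added example (this is not DragonFly's stack_protector.c, just a model of it): the guard constant is flipped per byte order so that the bytes in memory are always `ff 0a 00 00`, a simulated frame puts a 4-byte guard directly after an 8-byte buffer, and a strcpy-style copy shows that a string overrunning the buffer by exactly its NUL terminator is caught only because the first guard byte is non-zero. The `__BYTE_ORDER__` macro, the 8-byte buffer size and the contrasting zero-first guard are assumptions of this example, not something the thread specifies.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, not DragonFly's code.  The integer is chosen per byte order
 * (GCC/Clang __BYTE_ORDER__ is assumed here) so that the bytes in memory are
 * always ff 0a 00 00: a non-zero byte adjacent to the buffer, and a zero byte
 * inside the guard for string termination. */
#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
static const uint32_t guard_value = 0xff0a0000u;
#else
static const uint32_t guard_value = 0x00000affu;
#endif

#define BUF_LEN   8   /* assumed buffer size for the model frame */
#define GUARD_LEN 4

/* Copy the guard's in-memory byte sequence into out[]. */
static void guard_bytes(unsigned char out[GUARD_LEN])
{
    memcpy(out, &guard_value, GUARD_LEN);
}

/* The byte a one-byte overflow out of the buffer hits first. */
int first_guard_byte(void)
{
    unsigned char g[GUARD_LEN];
    guard_bytes(g);
    return g[0];
}

/* How many bytes a str* routine reading the guard as a string would walk
 * before the embedded zero stops it (bounded, instead of leaving the frame). */
int guard_strlen(void)
{
    unsigned char g[GUARD_LEN];
    int n = 0;
    guard_bytes(g);
    while (n < GUARD_LEN && g[n] != 0)
        n++;
    return n;
}

/* Simulated frame: BUF_LEN bytes of buffer immediately followed by the guard.
 * src is copied together with its terminator, as strcpy would do, but capped
 * at the frame size so the model itself never writes past its own array.
 * Returns 1 if the guard no longer matches afterwards (epilogue check fails). */
int overflow_detected_with_guard(const char *src,
                                 const unsigned char expect[GUARD_LEN])
{
    unsigned char frame[BUF_LEN + GUARD_LEN];
    size_t n = strlen(src) + 1;                     /* bytes strcpy would write */

    memcpy(frame + BUF_LEN, expect, GUARD_LEN);     /* prologue: place guard   */
    if (n > sizeof frame)
        n = sizeof frame;
    memcpy(frame, src, n);                          /* the possibly overlong copy */
    return memcmp(frame + BUF_LEN, expect, GUARD_LEN) != 0;
}

/* Check using the real guard layout (ff 0a 00 00). */
int overflow_detected(const char *src)
{
    unsigned char g[GUARD_LEN];
    guard_bytes(g);
    return overflow_detected_with_guard(src, g);
}

/* Contrast: a hypothetical guard whose first byte is zero.  A string that
 * overruns the buffer by exactly its NUL terminator leaves it unchanged. */
int overflow_detected_zero_first(const char *src)
{
    static const unsigned char zero_first[GUARD_LEN] = { 0x00, 0x00, 0x0a, 0xff };
    return overflow_detected_with_guard(src, zero_first);
}

int main(void)
{
    printf("first guard byte: 0x%02x\n", first_guard_byte());
    printf("guard seen as a string has length %d\n", guard_strlen());
    printf("7 chars + NUL, real guard:        detected=%d\n", overflow_detected("AAAAAAA"));
    printf("8 chars + NUL, real guard:        detected=%d\n", overflow_detected("AAAAAAAA"));
    printf("8 chars + NUL, zero-first guard:  detected=%d\n", overflow_detected_zero_first("AAAAAAAA"));
    return 0;
}
```

The 8-character input is the interesting case: the only byte that crosses into the guard is the terminating zero, so a guard starting with `00` would survive the overflow untouched, while the `ff` first byte of the real layout is overwritten and the check fires on either byte order.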
