grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 1/3] efi: Initialize canary to non-zero value

From: Glenn Washburn
Subject: [PATCH v2 1/3] efi: Initialize canary to non-zero value
Date: Mon, 11 Dec 2023 13:27:48 -0600 
The canary, __stack_chk_guard, is in the BSS and so will get initialized to
zero if it is not explicitly initialized. If the UEFI firmware does not
support the RNG protocol, then the canary will not be randomized and will
be zero. This seems like a possibly easier value to write by an attacker.
Initialize canary to static random bytes, so that it is still random when
there is no RNG protocol. Set at least one byte to NULL to protect against
string buffer overflow attacks.

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 grub-core/kern/efi/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index e759cc315b85..08e24d46fad9 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -45,7 +45,8 @@ static grub_guid_t rng_protocol_guid = 
GRUB_EFI_RNG_PROTOCOL_GUID;
  */
 static grub_efi_uint8_t stack_chk_guard_buf[32];
 
-grub_addr_t __stack_chk_guard;
+/* Initialize canary in case there is no RNG protocol. */
+grub_addr_t __stack_chk_guard = (grub_addr_t) 0x00f2b7e2f193b25c;
 
 void __attribute__ ((noreturn))
 __stack_chk_fail (void)
-- 
2.34.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]