diff options
| author | Daniel Micay <danielmicay@gmail.com> | 2017-03-23 13:36:42 -0400 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-10-14 16:01:53 +0200 |
| commit | bed4c9124a4a0d9a1ec167d2f959289f74e1987d (patch) | |
| tree | c224ed67d5f84b6251cd56443ecaacbaf55b26ec /arch | |
| parent | 51853318e8e9e33bef8c03e8964d91a18f1acb1c (diff) | |
arm64: zero the leading stack canary byte
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/arm64/include/asm/stackprotector.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/arm64/include/asm/stackprotector.h b/arch/arm64/include/asm/stackprotector.h index de003327b..330412e1f 100644 --- a/arch/arm64/include/asm/stackprotector.h +++ b/arch/arm64/include/asm/stackprotector.h @@ -31,6 +31,9 @@ static __always_inline void boot_init_stack_canary(void) get_random_bytes(&canary, sizeof(canary)); canary ^= LINUX_VERSION_CODE; + /* Sacrifice 8 bits of entropy to mitigate non-terminated C string overflows */ + canary &= ~(unsigned long)0xff; + current->stack_canary = canary; __stack_chk_guard = current->stack_canary; } |