archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/crts/crtw32/misc/seccook.c

138 lines
4.4 KiB
Raw Normal View History

Add source files
4 years ago
  1. /***
  2. *seccook.c - defines and checks buffer overrun security cookie
  3. *
  4. * Copyright (c) 2000-2001, Microsoft Corporation. All rights reserved.
  5. *
  6. *Purpose:
  7. * Defines per-module global variable __security_cookie and compiler
  8. * helper __security_check_cookie, which are used by the /GS compile
  9. * switch to detect local buffer variable overrun bugs/attacks.
  10. *
  11. * When compiling /GS, the compiler injects code to detect when a local
  12. * array variable has been overwritten, potentially overwriting the
  13. * return address (on machines like x86 where the return address is on
  14. * the stack). A local variable is allocated directly before the return
  15. * address and initialized on entering the function. When exiting the
  16. * function, the compiler inserts code to verify that the local variable
  17. * has not been modified. If it has, then an error reporting routine
  18. * is called.
  19. *
  20. * NOTE: The ATLMINCRT library includes a version of this file. If any
  21. * changes are made here, they should be duplicated in the ATL version.
  22. *
  23. *Revision History:
  24. * 01-24-00 PML Created.
  25. * 08-09-00 PML Preserve EAX on non-failure case (VS7#147203). Also
  26. * make sure failure case never returns.
  27. * 08-29-00 PML Rename handlers, add extra parameters. Move most of
  28. * system CRT version over to seclocf.c.
  29. * 09-16-00 PML Initialize global cookie earlier, and give it a nonzero
  30. * static initialization (vs7#162619).
  31. *
  32. *******************************************************************************/
  34. #include <sect_attribs.h>
  35. #include <internal.h>
  36. #include <windows.h>
  37. #include <stdlib.h>
  39. /*
  40. * The global security cookie. This name is known to the compiler.
  41. * Initialize to a garbage non-zero value just in case we have a buffer overrun
  42. * in any code that gets run before __security_init_cookie() has a chance to
  43. * initialize the cookie to the final value.
  44. */
  46. DWORD_PTR __security_cookie = 0xBB40E64E;
  48. /*
  49. * Trigger initialization of the global security cookie on program startup.
  50. * Force initialization before any #pragma init_seg() inits by using .CRT$XCAA
  51. * as the startup funcptr section.
  52. */
  54. #pragma data_seg(".CRT$XCAA")
  55. extern void __cdecl __security_init_cookie(void);
  56. static _CRTALLOC(".CRT$XCAA") _PVFV init_cookie = __security_init_cookie;
  57. #pragma data_seg()
  59. static void __cdecl report_failure(void);
  61. #if !defined(_SYSCRT) || !defined(CRTDLL)
  62. /*
  63. * The routine called if a cookie check fails.
  64. */
  65. #define REPORT_ERROR_HANDLER __security_error_handler
  66. #else
  67. /*
  68. * When using an older system CRT, use a local cookie failure reporting
  69. * routine, with a default implementation that calls __security_error_handler
  70. * if available, otherwise displays a default message box.
  71. */
  72. #define REPORT_ERROR_HANDLER __local_security_error_handler
  73. #endif
  75. extern void __cdecl REPORT_ERROR_HANDLER(int, void *);
  77. /***
  78. *__security_check_cookie(cookie) - check for buffer overrun
  79. *
  80. *Purpose:
  81. * Compiler helper. Check if a local copy of the security cookie still
  82. * matches the global value. If not, then report the fatal error.
  83. *
  84. * The actual reporting is split out into static helper report_failure,
  85. * since the cookie check routine must be minimal code that preserves
  86. * any registers used in returning the callee's result.
  87. *
  88. *Entry:
  89. * DWORD_PTR cookie - local security cookie to check
  90. *
  91. *Exit:
  92. * Returns immediately if the local cookie matches the global version.
  93. * Otherwise, calls the failure reporting handler and exits.
  94. *
  95. *Exceptions:
  96. *
  97. *******************************************************************************/
  99. #ifndef _M_IX86
  101. void __fastcall __security_check_cookie(DWORD_PTR cookie)
  102. {
  103. /* Immediately return if the local cookie is OK. */
  104. if (cookie == __security_cookie)
  105. return;
  107. /* Report the failure */
  108. report_failure();
  109. }
  111. #else
  113. void __declspec(naked) __fastcall __security_check_cookie(DWORD_PTR cookie)
  114. {
  115. /* x86 version written in asm to preserve all regs */
  116. __asm {
  117. cmp ecx, __security_cookie
  118. jne failure
  119. ret
  120. failure:
  121. jmp report_failure
  122. }
  123. }
  125. #endif
  127. static void __cdecl report_failure(void)
  128. {
  129. /* Report the failure */
  130. __try {
  131. REPORT_ERROR_HANDLER(_SECERR_BUFFER_OVERRUN, NULL);
  132. }
  133. __except (EXCEPTION_EXECUTE_HANDLER) {
  134. /* nothing */
  135. }
  137. ExitProcess(3);
  138. }