From d7796dcc072317302e8b39db8e54997457bafbba Mon Sep 17 00:00:00 2001
From: joerg
Date: Fri, 18 Nov 2011 20:43:01 +0000
Subject: [PATCH] Exploit hidden __cerror
---
 lib/libc/arch/x86_64/SYS.h | 8 +-------
 lib/libc/arch/x86_64/sys/__clone.S | 7 +------
 lib/libc/arch/x86_64/sys/__vfork14.S | 9 ++-------
 lib/libc/arch/x86_64/sys/brk.S | 7 +++----
 lib/libc/arch/x86_64/sys/exect.S | 9 ++-------
 lib/libc/arch/x86_64/sys/ptrace.S | 9 ++-------
 lib/libc/arch/x86_64/sys/sbrk.S | 7 +++----
 7 files changed, 14 insertions(+), 42 deletions(-)
diff --git a/lib/libc/arch/x86_64/SYS.h b/lib/libc/arch/x86_64/SYS.h
index 2b0260346dfb..9fbb570b969b 100644
--- a/lib/libc/arch/x86_64/SYS.h
+++ b/lib/libc/arch/x86_64/SYS.h
@@ -30,7 +30,7 @@
 * SUCH DAMAGE.
 *
 * from: @(#)SYS.h 5.5 (Berkeley) 5/7/91
- * $NetBSD: SYS.h,v 1.10 2007/11/23 07:36:05 dsl Exp $
+ * $NetBSD: SYS.h,v 1.11 2011/11/18 20:43:01 joerg Exp $
 */
 #include
@@ -49,14 +49,8 @@
 ENTRY(x); \
 SYSTRAP(y)
-#ifdef PIC
 #define _SYSCALL_ERR \
- mov PIC_GOT(CERROR), %rcx; \
- jmp *%rcx
-#else
-#define _SYSCALL_ERR \
 jmp CERROR
-#endif
 #define _SYSCALL(x,y) \
 .text; _ALIGN_TEXT; \
diff --git a/lib/libc/arch/x86_64/sys/__clone.S b/lib/libc/arch/x86_64/sys/__clone.S
index 76d6874253d1..37025be3b8c2 100644
--- a/lib/libc/arch/x86_64/sys/__clone.S
+++ b/lib/libc/arch/x86_64/sys/__clone.S
@@ -1,4 +1,4 @@
-/* $NetBSD: __clone.S,v 1.2 2002/06/06 20:51:17 fvdl Exp $ */
+/* $NetBSD: __clone.S,v 1.3 2011/11/18 20:43:01 joerg Exp $ */
 /*
 * Copyright (c) 2002 Wasabi Systems, Inc.
@@ -93,9 +93,4 @@ ENTRY(__clone)
 5: popq %r13
 popq %r12
-#ifdef PIC
- movq PIC_GOT(CERROR),%rdx
- jmp *%rdx
-#else
 jmp CERROR
-#endif
diff --git a/lib/libc/arch/x86_64/sys/__vfork14.S b/lib/libc/arch/x86_64/sys/__vfork14.S
index bbd68216417c..4a9a3592ece4 100644
--- a/lib/libc/arch/x86_64/sys/__vfork14.S
+++ b/lib/libc/arch/x86_64/sys/__vfork14.S
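Review bot: The PIC build of `_SYSCALL_ERR` now emits a plain `jmp CERROR`, but nothing next to the macro records why a PC-relative jump to `__cerror` is legal in position-independent code — the title says `__cerror` is hidden, and the declaration that makes it so is not in this diff, so the precondition lives only in the commit message. If that visibility is ever dropped, this same line either fails to link into libc.so or, depending on the linker, quietly becomes a PLT jump that is interposable again; the GOT load this change removes (`mov PIC_GOT(CERROR), %rcx` / `jmp *%rcx`) is exactly the kind of indirect dispatch a preloaded library or a GOT overwrite could redirect, so keeping the error path a direct jump is the security win worth writing down. I would document it on the macro: `/* __cerror is hidden, so a direct PC-relative jmp is valid even in PIC code: no GOT load, not interposable. */`. The `_SYSCALL(x,y)` definition that follows continues outside this hunk.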
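Review bot: The error exit at the end of __clone is now an open-coded `jmp CERROR`, which is byte-for-byte what `_SYSCALL_ERR` in SYS.h expands to after this commit, and the same line is repeated in the five other .S files touched here. Replacing it with `_SYSCALL_ERR` keeps the error-return sequence defined once, so any later change to how `__cerror` is reached (a PLT form, CFI directives) lands in every stub instead of being patched file by file. The `popq %r13` / `popq %r12` unwinding before the jump is unchanged by this commit. ENTRY(__clone) starts outside this hunk.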
@@ -1,4 +1,4 @@
-/* $NetBSD: __vfork14.S,v 1.3 2003/08/07 16:42:37 agc Exp $ */
+/* $NetBSD: __vfork14.S,v 1.4 2011/11/18 20:43:01 joerg Exp $ */
 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@@ -36,7 +36,7 @@
 #include
 #if defined(SYSLIBC_SCCS) && !defined(lint)
- RCSID("$NetBSD: __vfork14.S,v 1.3 2003/08/07 16:42:37 agc Exp $")
+ RCSID("$NetBSD: __vfork14.S,v 1.4 2011/11/18 20:43:01 joerg Exp $")
 #endif /* SYSLIBC_SCCS and not lint */
 #include "SYS.h"
@@ -57,9 +57,4 @@ ENTRY(__vfork14)
 jmp *%r9
 err:
 pushq %r9
-#ifdef PIC
- movq PIC_GOT(CERROR), %rcx
- jmp *%rcx
-#else
 jmp CERROR
-#endif
diff --git a/lib/libc/arch/x86_64/sys/brk.S b/lib/libc/arch/x86_64/sys/brk.S
index 7d969e9d7155..c64483281017 100644
--- a/lib/libc/arch/x86_64/sys/brk.S
+++ b/lib/libc/arch/x86_64/sys/brk.S
@@ -1,4 +1,4 @@
-/* $NetBSD: brk.S,v 1.3 2003/08/07 16:42:37 agc Exp $ */
+/* $NetBSD: brk.S,v 1.4 2011/11/18 20:43:01 joerg Exp $ */
 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@@ -36,7 +36,7 @@
 #include
 #if defined(SYSLIBC_SCCS) && !defined(lint)
- RCSID("$NetBSD: brk.S,v 1.3 2003/08/07 16:42:37 agc Exp $")
+ RCSID("$NetBSD: brk.S,v 1.4 2011/11/18 20:43:01 joerg Exp $")
 #endif /* SYSLIBC_SCCS and not lint */
 #include "SYS.h"
@@ -68,8 +68,7 @@ ENTRY(_brk)
 xorl %eax,%eax
 ret
 err:
- movq PIC_GOT(CERROR),%rdx
- jmp *%rdx
+ jmp CERROR
 #else
 cmpq %rdi,_C_LABEL(__minbrk)(%rip)
 jb 1f
diff --git a/lib/libc/arch/x86_64/sys/exect.S b/lib/libc/arch/x86_64/sys/exect.S
index 9f32e5e5c64d..7e221e0d3da7 100644
--- a/lib/libc/arch/x86_64/sys/exect.S
+++ b/lib/libc/arch/x86_64/sys/exect.S
@@ -1,4 +1,4 @@
-/* $NetBSD: exect.S,v 1.2 2003/08/07 16:42:37 agc Exp $ */
+/* $NetBSD: exect.S,v 1.3 2011/11/18 20:43:01 joerg Exp $ */
 /*-
 * Copyright (c) 1990 The Regents of the University of California.
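Review bot: The error path `err:` / `pushq %r9` / `jmp CERROR` depends on %r9 still holding the caller's return address when the trap fails, which the `jmp *%r9` just above implies but nothing on these lines states; ENTRY(__vfork14) starts outside this hunk, so the pop that fills %r9 is not visible here. A comment on the push would make the invariant explicit for the next reader: `pushq %r9 /* restore the return address so __cerror can return to our caller */`. I am inferring that `__cerror` returns with `ret` after setting errno — confirm against its definition before wording the comment that way.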
@@ -36,7 +36,7 @@
 #include
 #if defined(SYSLIBC_SCCS) && !defined(lint)
- RCSID("$NetBSD: exect.S,v 1.2 2003/08/07 16:42:37 agc Exp $")
+ RCSID("$NetBSD: exect.S,v 1.3 2011/11/18 20:43:01 joerg Exp $")
 #endif /* SYSLIBC_SCCS and not lint */
 #include "SYS.h"
@@ -47,9 +47,4 @@ ENTRY(exect)
 orb $(PSL_T>>8),1(%rsp)
 popfq
 SYSTRAP(execve)
-#ifdef PIC
- movq PIC_GOT(CERROR), %rcx
- jmp *%rcx
-#else
 jmp CERROR
-#endif
diff --git a/lib/libc/arch/x86_64/sys/ptrace.S b/lib/libc/arch/x86_64/sys/ptrace.S
index 8b7cc33ae7a5..77c1de87f1fc 100644
--- a/lib/libc/arch/x86_64/sys/ptrace.S
+++ b/lib/libc/arch/x86_64/sys/ptrace.S
@@ -1,4 +1,4 @@
-/* $NetBSD: ptrace.S,v 1.2 2003/08/07 16:42:37 agc Exp $ */
+/* $NetBSD: ptrace.S,v 1.3 2011/11/18 20:43:01 joerg Exp $ */
 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@@ -36,7 +36,7 @@
 #include
 #if defined(SYSLIBC_SCCS) && !defined(lint)
- RCSID("$NetBSD: ptrace.S,v 1.2 2003/08/07 16:42:37 agc Exp $")
+ RCSID("$NetBSD: ptrace.S,v 1.3 2011/11/18 20:43:01 joerg Exp $")
 #endif /* SYSLIBC_SCCS and not lint */
 #include "SYS.h"
@@ -54,9 +54,4 @@ ENTRY(ptrace)
 jc err
 ret
 err:
-#ifdef PIC
- movq PIC_GOT(CERROR), %rcx
- jmp *%rcx
-#else
 jmp CERROR
-#endif
diff --git a/lib/libc/arch/x86_64/sys/sbrk.S b/lib/libc/arch/x86_64/sys/sbrk.S
index 65c33625b215..812e15b38cee 100644
--- a/lib/libc/arch/x86_64/sys/sbrk.S
+++ b/lib/libc/arch/x86_64/sys/sbrk.S
@@ -1,4 +1,4 @@
-/* $NetBSD: sbrk.S,v 1.3 2008/07/02 20:07:43 rmind Exp $ */
+/* $NetBSD: sbrk.S,v 1.4 2011/11/18 20:43:01 joerg Exp $ */
 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@@ -36,7 +36,7 @@
 #include
 #if defined(SYSLIBC_SCCS) && !defined(lint)
- RCSID("$NetBSD: sbrk.S,v 1.3 2008/07/02 20:07:43 rmind Exp $")
+ RCSID("$NetBSD: sbrk.S,v 1.4 2011/11/18 20:43:01 joerg Exp $")
 #endif /* SYSLIBC_SCCS and not lint */
 #include "SYS.h"
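Review bot: The unconditional `jmp CERROR` right after `SYSTRAP(execve)` reads like a success path falling into the error handler; it is correct only because execve(2) never returns on success, and that assumption deserves to be written on the line rather than left implicit. I would add `/* execve(2) only returns on failure; fall straight into __cerror */` above the jump. The `orb $(PSL_T>>8),1(%rsp)` / `popfq` pair above it sets PSL_T in the %rflags image on the stack before the trap, presumably so the new image stops at its first instruction for a debugger — worth a one-line comment too, with a TODO to confirm against the kernel's exec handling. ENTRY(exect) starts outside this hunk.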
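Review bot: Now that `err:` is a single direct `jmp CERROR`, the `jc err` two lines above can branch straight to the target: change `jc err` to `jc CERROR` and delete the `err:` label and its `jmp`. The label only existed because the old PIC path needed the `movq PIC_GOT(CERROR), %rcx` / `jmp *%rcx` pair, and `jc` has the same rel32 form as `jmp`, so it resolves against the hidden `__cerror` the same way. ENTRY(ptrace) starts outside this hunk, so check there is no other `jmp err` or `jc err` earlier in the function before removing the label.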
@@ -67,8 +67,7 @@ ENTRY(_sbrk)
 out:
 ret
 err:
- mov PIC_GOT(CERROR),%rdx
- jmp *%rdx
+ jmp CERROR
 #else
 movq CURBRK(%rip),%rax
 test %rdi,%rdi
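Review bot: The `err:` that now reads `jmp CERROR` sits inside the `#ifdef PIC` arm of _sbrk (the `#else` follows it), and with the GOT load gone it presumably matches the non-PIC arm's error exit, which is outside this hunk — confirm before acting on this. If the two are identical, the error exit can be hoisted below the `#endif` as one `err: jmp CERROR` (or `_SYSCALL_ERR`), leaving the conditional to cover only the parts that genuinely differ between the arms, such as how CURBRK is addressed; brk.S in this same commit has the same shape. ENTRY(_sbrk) starts outside this hunk.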