jmb
/
hardened_malloc
mirror of https://github.com/GrapheneOS/hardened_malloc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make canary generation consistent

pull/65/head
Daniel Micay 2018-10-30 19:22:56 -04:00
parent c29a183687
commit 834ce67884
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
malloc.c
View File

@ -346,6 +346,10 @@ static void set_canary(struct slab_metadata *metadata, void *p, size_t size) {
memcpy((char *)p + size - canary_size, &metadata->canary_value, canary_size); memcpy((char *)p + size - canary_size, &metadata->canary_value, canary_size);
} }
static u64 get_random_canary(struct random_state *rng) {
return get_random_u64(rng) & canary_mask;
}
static inline void *allocate_small(size_t requested_size) { static inline void *allocate_small(size_t requested_size) {
struct size_info info = get_size_info(requested_size); struct size_info info = get_size_info(requested_size);
size_t size = info.size ? info.size : 16; size_t size = info.size ? info.size : 16;
@ -379,7 +383,7 @@ static inline void *allocate_small(size_t requested_size) {
return p; return p;
} else if (c->free_slabs_head != NULL) { } else if (c->free_slabs_head != NULL) {
struct slab_metadata *metadata = c->free_slabs_head; struct slab_metadata *metadata = c->free_slabs_head;
metadata->canary_value = get_random_u64(&c->rng); metadata->canary_value = get_random_canary(&c->rng);
void *slab = get_slab(c, slab_size, metadata); void *slab = get_slab(c, slab_size, metadata);
if (requested_size && memory_protect_rw(slab, slab_size)) { if (requested_size && memory_protect_rw(slab, slab_size)) {
@ -413,7 +417,7 @@ static inline void *allocate_small(size_t requested_size) {
mutex_unlock(&c->lock); mutex_unlock(&c->lock);
return NULL; return NULL;
} }
metadata->canary_value = get_random_u64(&c->rng) & canary_mask; metadata->canary_value = get_random_canary(&c->rng);
c->partial_slabs = metadata; c->partial_slabs = metadata;
void *slab = get_slab(c, slab_size, metadata); void *slab = get_slab(c, slab_size, metadata);