Commit db236920 authored by Marie Janssen

DO NOT MERGE Randomize allocation canary

A static allocation canary can be susceptible to buffer overflow
exploit code bypassing, so this randomizes it on every run.

Bug: 27411268
Change-Id: I81b06f89951a012c08d846042653ec957f3e9127
(cherry picked from commit 7c054350fb7da9da1fdb86e7f7b9a801cf1c39e4)
parent dc33bf50
+10 −4
@@ -37,15 +37,21 @@ typedef struct {
  bool freed;
} allocation_t;

static const char *canary = "tinybird";

static size_t canary_size;
static const size_t canary_size = 8;
static char canary[canary_size];
static std::unordered_map<void*, allocation_t*> allocations;
static pthread_mutex_t lock;
static bool enabled = false;

void allocation_tracker_init(void) {
  canary_size = strlen(canary);
  if (enabled)
    return;

  // randomize the canary contents
  for (size_t i = 0; i < canary_size; i++)
     canary[i] = (char)osi_rand();

  LOG_DEBUG(LOG_TAG, "canary initialized");

  pthread_mutex_init(&lock, NULL);
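
Review bot: The loop in allocation_tracker_init() fills the canary with `(char)osi_rand()`, and nothing visible here shows how osi_rand() is seeded or whether it draws from a cryptographically secure source. If it is an ordinary seeded PRNG, the 8 canary bytes may be predictable to the overflow code this change is meant to stop, so consider filling the buffer from the OS CSPRNG or stating osi_rand()'s guarantee in the comment above the loop. The new `if (enabled) return;` guard also deserves a one-line comment that it keeps the canary stable while the tracker is enabled, since re-randomizing it after allocations have been stamped would make their checks fail. Style: the `canary[i] = ...` line is indented five spaces where the rest of the function uses two.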