Add -fstack-protector support to wasi-libc (WebAssembly#351)

kateinoigakukun · john-sharratt · commit 155cc0378287 · 2023-03-06T08:52:21.000+11:00
Inlcude `__stack_chk_fail.c` and initialize `__stack_chk_guard` in ctor.

```
$ cat main.c
char input[] = "0123456789012345";
int main(void) {
    char buf[8];

    for (char *sp = input, *dp = buf; *sp != '\0'; sp++, dp++) {
        *dp = *sp;
    }
    return 0;
}

$ clang main.c -fstack-protector
$ wasmtime ./a.out
Error: failed to run main module `./a.out`

Caused by:
    0: failed to invoke command default
    1: wasm trap: wasm `unreachable` instruction executed
       wasm backtrace:
           0:  0x258 - &lt;unknown&gt;!__stack_chk_fail
           1:  0x21e - &lt;unknown&gt;!__original_main
           2:   0xca - &lt;unknown&gt;!_start
```
diff --git a/Makefile b/Makefile
@@ -146,6 +146,7 @@ LIBC_TOP_HALF_MUSL_SOURCES = \
         fcntl/creat.c \
         dirent/alphasort.c \
         dirent/versionsort.c \
+        env/__stack_chk_fail.c \
         env/clearenv.c \
         env/getenv.c \
         env/putenv.c \
diff --git a/libc-top-half/musl/src/env/__stack_chk_fail.c b/libc-top-half/musl/src/env/__stack_chk_fail.c
@@ -1,6 +1,11 @@
 #include <string.h>
 #include <stdint.h>
+#if defined(__wasilibc_unmodified_upstream) || defined(_REENTRANT)
 #include "pthread_impl.h"
+#else
+// In non-_REENTRANT, include it for `a_crash`
+# include "atomic.h"
+#endif
 
 uintptr_t __stack_chk_guard;
 
@@ -9,7 +14,18 @@ void __init_ssp(void *entropy)
 	if (entropy) memcpy(&__stack_chk_guard, entropy, sizeof(uintptr_t));
 	else __stack_chk_guard = (uintptr_t)&__stack_chk_guard * 1103515245;
 
+#if UINTPTR_MAX >= 0xffffffffffffffff
+	/* Sacrifice 8 bits of entropy on 64bit to prevent leaking/
+	 * overwriting the canary via string-manipulation functions.
+	 * The NULL byte is on the second byte so that off-by-ones can
+	 * still be detected. Endianness is taken care of
+	 * automatically. */
+	((char *)&__stack_chk_guard)[1] = 0;
+#endif
+
+#if defined(__wasilibc_unmodified_upstream) || defined(_REENTRANT)
 	__pthread_self()->canary = __stack_chk_guard;
+#endif
 }
 
 void __stack_chk_fail(void)
@@ -20,3 +36,14 @@ void __stack_chk_fail(void)
 hidden void __stack_chk_fail_local(void);
 
 weak_alias(__stack_chk_fail, __stack_chk_fail_local);
+
+#ifndef __wasilibc_unmodified_upstream
+# include <wasi/api.h>
+
+__attribute__((constructor(60)))
+static void __wasilibc_init_ssp(void) {
+	uintptr_t entropy;
+	int r = __wasi_random_get((uint8_t *)&entropy, sizeof(uintptr_t));
+	__init_ssp(r ? NULL : &entropy);
+}
+#endif
