Contributed by rueda on from the all your returns are belong to us dept.
Todd Mortimer (mortimer@) has committed improvements to the anti-ROP "X86FixupGadgets" pass of clang(1) for amd64 and i386:
CVSROOT:        /cvs
Module name:    src
Changes by:     mortimer@cvs.openbsd.org        2019/02/22 08:28:43

Modified files:
        gnu/llvm/lib/Target/X86: X86FixupGadgets.cpp X86InstrCompiler.td
                                 X86MCInstLower.cpp
        gnu/llvm/tools/clang/include/clang/Driver: Options.td
        gnu/llvm/tools/clang/lib/Driver/ToolChains: Clang.cpp
        share/man/man1 : clang-local.1

Log message:
Improve the X86FixupGadgets pass:
 - Target all four kinds of return bytes (c2, c3, ca, cb)
 - Fix up instructions using both ModR/M and SIB bytes
 - Force alignment before instructions with return bytes in immediates
 - Force alignment before instructions that have return bytes in their encoding
 - Add a command line switch to toggle the functionality.

ok deraadt@
This extends the previous work to cover more cases in which a byte inside an instruction's encoding (a ModR/M byte, a SIB byte, or an immediate) could previously have been used as an unintended return instruction.
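The point of the pass is that a `ret` opcode does not have to be an intended instruction to be usable: any of the four return bytes can also appear as a ModR/M byte, a SIB byte or part of an immediate, and a jump into the middle of such an instruction executes it as a return. The scanner below is an added illustration of that property, written for this article; it is not OpenBSD's or LLVM's code, and the real pass operates on the compiler's machine-instruction representation rather than on raw bytes. It takes a constructed sequence of amd64 instructions, already split at their true boundaries, and reports every return byte that lies inside an encoding rather than at an instruction start, which is exactly the set of bytes the pass is built to remove or isolate.

```python
# Return opcodes named in the commit log: ret imm16, ret, retf imm16, retf.
RET_OPCODES = {0xC2, 0xC3, 0xCA, 0xCB}

# Constructed sample: hand-assembled amd64 instructions with the role of the
# return byte inside each one noted. These are example encodings for this
# article, not output from any particular compiler build.
SAMPLE = [
    (bytes.fromhex("4883c301"),   "add rbx, 1          (0xc3 is the ModR/M byte)"),
    (bytes.fromhex("b8c3000000"), "mov eax, 0xc3       (0xc3 is in the immediate)"),
    (bytes.fromhex("8d04cb"),     "lea eax, [rbx+rcx*8] (0xcb is the SIB byte)"),
    (bytes.fromhex("89ca"),       "mov edx, ecx        (0xca is the ModR/M byte)"),
    (bytes.fromhex("90"),         "nop"),
    (bytes.fromhex("c3"),         "ret                 (intended return)"),
]


def instruction_starts(insns):
    """Offset of the first byte of every instruction in the joined stream."""
    starts, pos = set(), 0
    for encoding, _ in insns:
        starts.add(pos)
        pos += len(encoding)
    return starts


def find_return_bytes(insns):
    """Return (offset, byte, intended) for every return byte in the stream.

    A return byte is treated as intended only when it begins an instruction;
    without prefixes a single-byte c2/c3/ca/cb opcode at an instruction start
    can only be a return. Anywhere else it is an unintended gadget.
    """
    code = b"".join(enc for enc, _ in insns)
    starts = instruction_starts(insns)
    return [(off, b, off in starts) for off, b in enumerate(code) if b in RET_OPCODES]


def describe_hits(insns):
    """Map each hit back to the instruction that contains it, for reporting."""
    report = []
    pos = 0
    spans = []
    for encoding, desc in insns:
        spans.append((pos, pos + len(encoding), desc))
        pos += len(encoding)
    for off, b, intended in find_return_bytes(insns):
        desc = next(d for lo, hi, d in spans if lo <= off < hi)
        report.append((off, b, "intended" if intended else "unintended", desc))
    return report


def summarize(insns):
    """Count intended versus unintended return bytes: the metric the pass drives down."""
    hits = find_return_bytes(insns)
    unintended = sum(1 for _, _, intended in hits if not intended)
    return {"intended": len(hits) - unintended, "unintended": unintended}


if __name__ == "__main__":
    for off, b, kind, desc in describe_hits(SAMPLE):
        print(f"offset {off:2d}: 0x{b:02x} {kind:10s} in {desc}")
    print(summarize(SAMPLE))
```

Running the block on the constructed sample reports four unintended return bytes (one each from a ModR/M byte, an immediate, a SIB byte and a second ModR/M byte) and one intended `ret`; the four unintended ones correspond to the encoding positions the commit log lists as now being fixed up or isolated by alignment. Applied to a disassembled object file, the same comparison before and after building with the pass enabled shows how much of the unintended-return surface a given build still carries.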