Skip to content

Commit

Permalink
build: fix ASLR for bitcoin-cli on Windows
Browse files Browse the repository at this point in the history
ASLR is not currently working for the bitcoin-cli.exe binary. This is
due to it not having a .reloc section, which is stripped by default by
the mingw-w64 ld we use for gitian builds. A good summary of issues with
ld and mingw-w64 is available in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt,
bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue,
and currently having working ASLR. This is due to them exporting
(inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc
section is not stripped by ld.

This change is a temporary workaround, also the same one described here:
https://www.kb.cert.org/vuls/id/307144/, that causes main() to be
exported. Exporting a symbol will mean that the .reloc section is not
stripped, and ASLR will function correctly.
  • Loading branch information
fanquake committed Apr 19, 2020
1 parent 6ae99aa commit 315a4d3
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions src/bitcoin-cli.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -551,11 +551,19 @@ static int CommandLineRPC(int argc, char *argv[])
return nRet;
}

int main(int argc, char* argv[])
{
#ifdef WIN32
// Export main() and ensure working ASLR on Windows.
// Exporting a symbol will prevent the linker from stripping
// the .reloc section from the binary, which is a requirement
// for ASLR. This is a temporary workaround until a fixed
// version of binutils is used for releases.
__declspec(dllexport) int main(int argc, char* argv[])
{
util::WinCmdLineArgs winArgs;
std::tie(argc, argv) = winArgs.get();
#else
int main(int argc, char* argv[])
{
#endif
SetupEnvironment();
if (!SetupNetworking()) {
Expand Down

0 comments on commit 315a4d3

Please sign in to comment.