[PATCH] D45778: [COFF] Mark images with no exception handlers for /safeseh

Reid Kleckner via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Apr 18 13:05:29 PDT 2018


rnk added a comment.

In https://reviews.llvm.org/D45778#1071211, @mstorsjo wrote:

> What effect does it have if a DLL is marked as not using safe SEH?


If it also lacks a load config, it is more easily exploitable. If a DLL doesn't have an `IMAGE_LOAD_CONFIG_DIRECTORY64` and it doesn't have the "no SEH" flag set, then any address in that DLL can be used as an exception handler. For 32-bit, exception handler function pointers are stored on the stack, so only a stack buffer overrun followed by an exception is needed to start an exploit chain.

After thinking that through, I think we should adjust the check to always add the "no SEH" flag if there is no load config. That's the safe thing to do.


https://reviews.llvm.org/D45778
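An audit-side check for the condition rnk describes, added here as an example (not code from the LLVM patch or from the reviewers): it reads the DllCharacteristics field and the load config data directory of a PE header and reports "unsafe" when neither IMAGE_DLLCHARACTERISTICS_NO_SEH nor a load config directory is present. The helper that builds header-only sample images is constructed so the check runs offline; its values are not real binaries.

```python
import struct

IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400   # "no SEH" bit in DllCharacteristics
LOAD_CONFIG_INDEX = 10                     # data directory slot of the load config


def seh_status(image: bytes) -> str:
    """Classify a PE image as in the comment above.

    'no_seh_flag'  -> image declares it has no SEH handlers
    'load_config'  -> image carries a load config (SafeSEH table can live there)
    'unsafe'       -> neither: any address in the image may be accepted as a handler
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20                  # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]   # same offset in both formats
    if dll_chars & IMAGE_DLLCHARACTERISTICS_NO_SEH:
        return "no_seh_flag"
    dirs_off = opt + (112 if magic == 0x20B else 96)           # first data directory
    num_dirs = struct.unpack_from("<I", image, dirs_off - 4)[0]
    if num_dirs > LOAD_CONFIG_INDEX:
        rva, size = struct.unpack_from("<II", image, dirs_off + 8 * LOAD_CONFIG_INDEX)
        if rva and size:
            return "load_config"
    return "unsafe"


def build_minimal_pe(pe32plus: bool, no_seh: bool, load_config: bool) -> bytes:
    """Constructed sample: header-only PE, not loadable, just enough to classify."""
    opt_size = 240 if pe32plus else 224
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, IMAGE_DLLCHARACTERISTICS_NO_SEH if no_seh else 0)
    dirs = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dirs - 4, 16)                 # NumberOfRvaAndSizes
    if load_config:                                           # placeholder RVA/size
        struct.pack_into("<II", opt, dirs + 8 * LOAD_CONFIG_INDEX, 0x3000, 0x140)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```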
