projects / oweals / musl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 52213f7)
fix errors in sigqueue (potential information leak, wrong behavior)
authorRich Felker <dalias@aerifal.cx>
Thu, 10 Mar 2011 23:26:29 +0000 (18:26 -0500)
committerRich Felker <dalias@aerifal.cx>
Thu, 10 Mar 2011 23:26:29 +0000 (18:26 -0500)
1. any padding in the siginfo struct was not necessarily zero-filled,
so it might have contained private data off the caller's stack.

2. the uid and pid must be filled in from userspace. the previous
rsyscall fix broke rsyscalls because the values were always incorrect.

src/signal/sigqueue.c patch | blob | history

diff --git a/src/signal/sigqueue.c b/src/signal/sigqueue.c
index ce3abf6c9cb3969590173ffdaf09de25c066add6..b8135d56234e16a9cd75b49863f0c929385d96d5 100644 (file)
--- a/src/signal/sigqueue.c
+++ b/src/signal/sigqueue.c
@@ -5,10 +5,12 @@
 
 int sigqueue(pid_t pid, int sig, const union sigval value)
 {
-       siginfo_t si = {
-               .si_signo = sig,
-               .si_code = -1,
-               .si_value = value,
-       };
+       siginfo_t si;
+       memset(&si, 0, sizeof si);
+       si.si_signo = sig;
+       si.si_code = SI_QUEUE;
+       si.si_value = value;
+       si.si_pid = getpid();
+       si.si_uid = getuid();
        return syscall3(__NR_rt_sigqueueinfo, pid, sig, (long)&si);
 }
Unnamed repository; edit this file 'description' to name the repository.