authorRich Felker <dalias@aerifal.cx>2011-03-10 18:26:29 -0500
committerRich Felker <dalias@aerifal.cx>2011-03-10 18:26:29 -0500
commitdc54a7cbb9f0aad6f614131ecc683fbb0b717115 (patch)
tree10056eb8ebd9c4ae93ac13a0854bcdbc4772ccc4
parent52213f734134055968ef14bf54b71f0dd370763a (diff)
downloadmusl-dc54a7cbb9f0aad6f614131ecc683fbb0b717115.tar.gz
musl-dc54a7cbb9f0aad6f614131ecc683fbb0b717115.tar.xz
musl-dc54a7cbb9f0aad6f614131ecc683fbb0b717115.zip
fix errors in sigqueue (potential information leak, wrong behavior)
1. any padding in the siginfo struct was not necessarily zero-filled,
so it might have contained private data off the caller's stack.

2. the uid and pid must be filled in from userspace. the previous
rsyscall fix broke rsyscalls because the values were always incorrect.
-rw-r--r--src/signal/sigqueue.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/signal/sigqueue.c b/src/signal/sigqueue.c
index ce3abf6c..b8135d56 100644
--- a/src/signal/sigqueue.c
+++ b/src/signal/sigqueue.c
@@ -5,10 +5,12 @@
 
 int sigqueue(pid_t pid, int sig, const union sigval value)
 {
-	siginfo_t si = {
-		.si_signo = sig,
-		.si_code = -1,
-		.si_value = value,
-	};
+	siginfo_t si;
+	memset(&si, 0, sizeof si);
+	si.si_signo = sig;
+	si.si_code = SI_QUEUE;
+	si.si_value = value;
+	si.si_pid = getpid();
+	si.si_uid = getuid();
 	return syscall3(__NR_rt_sigqueueinfo, pid, sig, (long)&si);
 }
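Review bot: The new lines introduce calls to memset(), getpid() and getuid(), yet all seven insertions in the diffstat land inside this hunk, which starts at file line 5, so no `#include` was added and it cannot be seen here whether `<string.h>` and `<unistd.h>` are already pulled in above the hunk; an implicit declaration of any of them is worth ruling out. The reason for replacing the designated initializer with memset is only in the commit message, so a one-line comment on the memset line would keep the next reader from "simplifying" it back: `/* memset, not an initializer: C does not require padding bytes to be zeroed, and those bytes are copied to the kernel */`. Separately, si_uid is sampled with getuid() and then handed to rt_sigqueueinfo as a later, separate step, so if the process's real uid can change in between (a concurrent setuid() in another thread, if this libc syncs credentials across threads) the value the kernel compares against may no longer match; whether that window matters here is not decidable from the hunk and should be confirmed.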