security fix: check that cancel/rsyscall signal was sent by the process itself

author: Rich Felker <dalias@aerifal.cx> 2011-03-10 11:59:39 -0500
committer: Rich Felker <dalias@aerifal.cx> 2011-03-10 11:59:39 -0500
commit: 52213f734134055968ef14bf54b71f0dd370763a (patch)
tree: 9931baeaa337476b11d2ec48be75b7852a0c80b8 /src/thread/pthread_create.c
parent: 11dbbe9fbac33ede053803ebf7193550ec5cfb48 (diff)
download: musl-52213f734134055968ef14bf54b71f0dd370763a.tar.gz
musl-52213f734134055968ef14bf54b71f0dd370763a.tar.xz
musl-52213f734134055968ef14bf54b71f0dd370763a.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c
index 2098e752..9c24b844 100644
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@@ -45,6 +45,7 @@ static void docancel(struct pthread *self)
 static void cancel_handler(int sig, siginfo_t *si, void *ctx)
 {
 	struct pthread *self = __pthread_self();
+	if (si->si_code > 0 || si->si_pid != self->pid) return;
 	self->cancel = 1;
 	if (self->canceldisable || (!self->cancelasync && !self->cancelpoint))
 		return;
@@ -75,6 +76,8 @@ static struct {
 
 static void rsyscall_handler(int sig, siginfo_t *si, void *ctx)
 {
+	if (si->si_code > 0 || si->si_pid != __pthread_self()->pid) return;
+
 	if (rs.cnt == libc.threads_minus_1) return;
 
 	if (syscall6(rs.nr, rs.arg[0], rs.arg[1], rs.arg[2],
author	Rich Felker <dalias@aerifal.cx>	2011-03-10 11:59:39 -0500
committer	Rich Felker <dalias@aerifal.cx>	2011-03-10 11:59:39 -0500
commit	52213f734134055968ef14bf54b71f0dd370763a (patch)
tree	9931baeaa337476b11d2ec48be75b7852a0c80b8 /src/thread/pthread_create.c
parent	11dbbe9fbac33ede053803ebf7193550ec5cfb48 (diff)
download	musl-52213f734134055968ef14bf54b71f0dd370763a.tar.gz musl-52213f734134055968ef14bf54b71f0dd370763a.tar.xz musl-52213f734134055968ef14bf54b71f0dd370763a.zip