From dc54a7cbb9f0aad6f614131ecc683fbb0b717115 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Thu, 10 Mar 2011 18:26:29 -0500 Subject: [PATCH] fix errors in sigqueue (potential information leak, wrong behavior) 1. any padding in the siginfo struct was not necessarily zero-filled, so it might have contained private data off the caller's stack. 2. the uid and pid must be filled in from userspace. the previous rsyscall fix broke rsyscalls because the values were always incorrect. --- src/signal/sigqueue.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/signal/sigqueue.c b/src/signal/sigqueue.c index ce3abf6c..b8135d56 100644 --- a/src/signal/sigqueue.c +++ b/src/signal/sigqueue.c @@ -5,10 +5,12 @@ int sigqueue(pid_t pid, int sig, const union sigval value) { - siginfo_t si = { - .si_signo = sig, - .si_code = -1, - .si_value = value, - }; + siginfo_t si; + memset(&si, 0, sizeof si); + si.si_signo = sig; + si.si_code = SI_QUEUE; + si.si_value = value; + si.si_pid = getpid(); + si.si_uid = getuid(); return syscall3(__NR_rt_sigqueueinfo, pid, sig, (long)&si); }