authorRich Felker <dalias@aerifal.cx>2011-03-10 11:59:39 -0500
committerRich Felker <dalias@aerifal.cx>2011-03-10 11:59:39 -0500
commit52213f734134055968ef14bf54b71f0dd370763a (patch)
tree9931baeaa337476b11d2ec48be75b7852a0c80b8
parent11dbbe9fbac33ede053803ebf7193550ec5cfb48 (diff)
security fix: check that cancel/rsyscall signal was sent by the process itself
-rw-r--r--src/thread/pthread_create.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c
index 2098e752..9c24b844 100644
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@@ -45,6 +45,7 @@ static void docancel(struct pthread *self)
static void cancel_handler(int sig, siginfo_t *si, void *ctx)
{
struct pthread *self = __pthread_self();
+ if (si->si_code > 0 || si->si_pid != self->pid) return;
self->cancel = 1;
if (self->canceldisable || (!self->cancelasync && !self->cancelpoint))
return;
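Review bot: The guard added at the top of cancel_handler accepts any signal with `si_code <= 0` whose `si_pid` matches, but on Linux `si_pid` is filled in by the kernel only for kill/tkill-style sends; for a queued signal (rt_sigqueueinfo) the sender supplies the siginfo contents, so the pid comparison alone does not establish where the signal came from. If the cancel signal is always raised with tkill/tgkill (the sending side is not visible in this hunk), matching the exact code would be tighter: `if (si->si_code != SI_TKILL || si->si_pid != self->pid) return;`. The same applies to the identical check added to rsyscall_handler in the next hunk. A short comment such as `/* ignore signals that did not originate inside this process */` above the check would also help, since the handler body continues past the hunk and the reason for the early return is not evident from the code alone.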
@@ -75,6 +76,8 @@ static struct {
static void rsyscall_handler(int sig, siginfo_t *si, void *ctx)
{
+ if (si->si_code > 0 || si->si_pid != __pthread_self()->pid) return;
+
if (rs.cnt == libc.threads_minus_1) return;
if (syscall6(rs.nr, rs.arg[0], rs.arg[1], rs.arg[2],