From 52213f734134055968ef14bf54b71f0dd370763a Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Thu, 10 Mar 2011 11:59:39 -0500
Subject: security fix: check that cancel/rsyscall signal was sent by the process itself
---
 src/thread/pthread_create.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src')
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c
index 2098e752..9c24b844 100644
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@@ -45,6 +45,7 @@ static void docancel(struct pthread *self)
 static void cancel_handler(int sig, siginfo_t *si, void *ctx)
 {
 struct pthread *self = __pthread_self();
+ if (si->si_code > 0 || si->si_pid != self->pid) return;
 self->cancel = 1;
 if (self->canceldisable || (!self->cancelasync && !self->cancelpoint))
 return;
@@ -75,6 +76,8 @@ static struct {
 static void rsyscall_handler(int sig, siginfo_t *si, void *ctx)
 {
+ if (si->si_code > 0 || si->si_pid != __pthread_self()->pid) return;
+ if (rs.cnt == libc.threads_minus_1) return;
 if (syscall6(rs.nr, rs.arg[0], rs.arg[1], rs.arg[2],
--
cgit v1.2.3-70-g09d2
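Review bot: The added guard in cancel_handler accepts every si_code <= 0 as long as si_pid matches, but on Linux the siginfo of a queued signal, si_pid included, can be filled in by the sending process rather than the kernel, so a matching pid is not proof of origin for every non-positive code. Accepting only the code the library's own sender produces would be stricter, e.g. `if (si->si_code != SI_TKILL || si->si_pid != self->pid) return;`, assuming the cancel signal is raised with tkill/tgkill, which this hunk does not show. The same test is added to rsyscall_handler in the second hunk and would need the same tightening. cancel_handler's body continues past the end of the hunk.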
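Review bot: The sender check in rsyscall_handler is a second copy of the one added to cancel_handler, and neither copy has a comment saying why positive si_code values are rejected. A file-local helper such as `static int sent_by_self(siginfo_t *si)` that returns `si->si_code <= 0 && si->si_pid == __pthread_self()->pid` would keep the two handlers from drifting apart if the test is later changed. A one-line comment above the guard, for example `/* ignore kernel-generated signals and signals sent by other processes */`, would record the intent for the next reader. rsyscall_handler's body continues outside the hunk.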