It is possible to safely use the same handler for multiple signals, but doing so generally increases the likelihood of violating a rule which can result in a security vulnerability. For example, if a signal handler is constructed with the expectation that it will only be executed once, but it is registered to catch multiple signals, then the handler may perform an operation multiple times that should only be performed once. Depending on what the handler does, this may provide a means to exploit other vulnerabilities. To eliminate this attack vector, each signal handler should only be registered to handle one type of signal.
Non-Compliant Coding Example
This non-compliant program registers a signal handler to clean up and terminate when the process receives either a SIGINT or a SIGTERM. However, if a SIGINT is generated, and then a SIGTERM is generated after the call to free() but before _Exit() is reached, a double free() occurs. Note that this example also violates SIG30-C. Only call async-safe functions within signal handlers.
```c
#include <signal.h>
#include <stdlib.h>

char *global_ptr;

/* Registered for both SIGINT and SIGTERM (the non-compliant part). */
void handler(int signum) {
  (void)signum;
  free(global_ptr);  /* a second signal arriving here frees again */
  _Exit(-1);
}

int main(void) {
  global_ptr = malloc(16);
  if (global_ptr == NULL) {
    /* handle error condition */
  }

  signal(SIGINT, handler);
  signal(SIGTERM, handler);

  /* program code... */

  return 0;
}
```
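The following is an added example, not code from the original page: one way to follow the recommendation is to give each signal its own handler that only sets a flag, and to free the buffer once in normal context. The names int_handler, term_handler, cleanup and run_demo are assumptions, and raise() stands in for externally delivered signals.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

static char *global_ptr;
static volatile sig_atomic_t got_sigint;
static volatile sig_atomic_t got_sigterm;

/* One handler per signal; each only sets its own flag, which is
 * async-signal-safe (no free() or other library calls here). */
static void int_handler(int signum)  { (void)signum; got_sigint = 1; }
static void term_handler(int signum) { (void)signum; got_sigterm = 1; }

/* Runs outside any handler. Nulling the pointer makes a repeat call a
 * no-op. Returns 1 if the buffer was freed by this call, 0 otherwise. */
static int cleanup(void) {
  if (global_ptr == NULL) return 0;
  free(global_ptr);
  global_ptr = NULL;
  return 1;
}

/* Returns how many times the buffer was actually freed, -1 on setup error. */
int run_demo(void) {
  int frees = 0;
  got_sigint = got_sigterm = 0;
  global_ptr = malloc(16);
  if (global_ptr == NULL) return -1;
  if (signal(SIGINT, int_handler) == SIG_ERR ||
      signal(SIGTERM, term_handler) == SIG_ERR) {
    free(global_ptr);
    global_ptr = NULL;
    return -1;
  }
  /* Constructed scenario: both signals arrive before any cleanup runs. */
  raise(SIGINT);
  raise(SIGTERM);
  if (got_sigint)  frees += cleanup();
  if (got_sigterm) frees += cleanup();  /* second request is a no-op */
  signal(SIGINT, SIG_DFL);
  signal(SIGTERM, SIG_DFL);
  return frees;
}

int main(void) {
  printf("buffer freed %d time(s)\n", run_demo());
  return 0;
}
```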
Risk Assessment
...