SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Gina DeCola

Saved on

compared with

New Version 57

changes.mady.by.user Gina DeCola

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Some platforms provide the ability to mask signals while a signal handler is being processed. If a signal is masked while its own handler is processed, the handler is non-interruptible noninterruptible and need not be asynchronous-safe.

Vulnerabilities can arise if a non-asynchronousnon—asynchronous-safe signal handler is interrupted with any unmasked signal, including its own.

...

This noncompliant code example registers a single signal handler to process both SIGUSR1 and SIGUSR2. The variable sig2 should be set to one 1 if one or more SIGUSR1 signals are followed by SIGUSR2, essentially implementing a finite state machine within the signal handler.

Code Block
bgColor#FFcccc
#include <signal.h>

volatile sig_atomic_t sig1 = 0;
volatile sig_atomic_t sig2 = 0;

void handler(int signum) {
  if (signum == SIGUSR1) {
    sig1 = 1;
  }
  else if (sig1) {
    sig2 = 1;
  }
}

int main(void) {
  if (signal(SIGUSR1, handler) == SIG_ERR) {
    /* handleHandle error */
  }
  if (signal(SIGUSR2, handler) == SIG_ERR) {
    /* handlerHandler error */
  }

  while (sig2 == 0) {
    /* doDo nothing or give up CPU for a while */
  }

  /* ... */

  return 0;
}

...

Code Block
bgColor#ccccff
#include <signal.h>
#include <stdio.h>

volatile sig_atomic_t sig1 = 0;
volatile sig_atomic_t sig2 = 0;

void handler(int signum) {
  if (signum == SIGUSR1) {
    sig1 = 1;
  }
  else if (sig1) {
    sig2 = 1;
  }
}

int main(void) {
  struct sigaction act;
  act.sa_handler = &handler;
  act.sa_flags = 0;
  if (sigemptyset(&act.sa_mask) != 0) {
    /* handleHandle error */
  }
  if (sigaddset(&act.sa_mask, SIGUSR1)) {
    /* handleHandle error */
  }
  if (sigaddset(&act.sa_mask, SIGUSR2)) {
    /* handleHandle error */
  }

  if (sigaction(SIGUSR1, &act, NULL) != 0) {
    /* handleHandle error */
  }
  if (sigaction(SIGUSR2, &act, NULL) != 0) {
    /* handleHandle error */
  }

  while (sig2 == 0) {
    /* doDo nothing or give up CPU for a while */
  }

  /* ... */

  return 0;
}

...

Wiki Markup
Interrupting a non-interruptiblenoninterruptible signal handler can result in a variety of vulnerabilities \[[Zalewski 01|AA. C References#Zalewski 01]\].

...