...
```c
void handler(int signum) {
  /* handling code */
}
```
Compliant Solution (Unix & Windows)
A C99-compliant solution to reset the handler on a Unix system is to rebind the signal to the default handler in the first line of the handler itself. Windows, by contrast, automatically resets handlers to default.
```c
void handler(int signum) {
#ifndef WINDOWS
  signal(signum, SIG_DFL);
#endif
  /* handling code */
}
```
With the compliant solution for Unix, there is no race condition that can be exploited by an attacker sending a second signal. That is because a second signal sent to the handler, before the latter calls `signal(signum, SIG_DFL)`, will merely cause the handler to restart and call `signal()` anyway.
...
```c
/* Equivalent to signal(SIGUSR1, handler), but makes the handler non-persistent */
struct sigaction act;
act.sa_handler = handler;
act.sa_flags = SA_RESETHAND;
if (sigemptyset(&act.sa_mask) != 0) {
  /* handle error */
}
if (sigaction(SIGUSR1, &act, NULL) != 0) {
  /* handle error */
}
```
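To check persistence on a given POSIX platform, the following added example (not code from the original page) installs a handler with and without `SA_RESETHAND`, delivers one signal with `raise()`, and then queries the resulting disposition. The helper names `install`, `is_default` and `reset_after_one_delivery` are illustrative assumptions.

```c
#define _POSIX_C_SOURCE 200809L  /* expose sigaction() and SA_RESETHAND */
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t hits;  /* number of handler invocations */

static void handler(int signum) {
  (void)signum;
  hits = hits + 1;  /* only touches a volatile sig_atomic_t */
}

/* Install handler for signo with the given sa_flags; 0 on success. */
static int install(int signo, int flags) {
  struct sigaction act;
  memset(&act, 0, sizeof act);
  act.sa_handler = handler;
  act.sa_flags = flags;
  if (sigemptyset(&act.sa_mask) != 0) {
    return -1;
  }
  return sigaction(signo, &act, NULL);
}

/* 1 if signo currently has the default disposition, 0 if not, -1 on error. */
static int is_default(int signo) {
  struct sigaction cur;
  if (sigaction(signo, NULL, &cur) != 0) {
    return -1;
  }
  return cur.sa_handler == SIG_DFL;
}

/* Deliver signo once; report whether the disposition was reset afterwards. */
int reset_after_one_delivery(int signo, int flags) {
  hits = 0;
  if (install(signo, flags) != 0 || raise(signo) != 0 || hits != 1) {
    return -1;
  }
  return is_default(signo);
}

int main(void) {
  printf("SA_RESETHAND: reset=%d\n",
         reset_after_one_delivery(SIGUSR1, SA_RESETHAND));
  printf("flags=0:      reset=%d\n", reset_after_one_delivery(SIGUSR2, 0));
  return 0;
}
```

After the `SA_RESETHAND` case the signal is back at its default action, so a further `SIGUSR1` would terminate the process; that is why the second case uses `SIGUSR2`.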
Compliant Solution (Windows)
Windows automatically resets handlers to default.
```c
void handler(int signum) {
  /* handling code */
}
```
Risk Assessment
Failure to understand implementation-specific details regarding signal handler persistence can lead to unexpected behavior.
...