SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A signal is a mechanism for transferring control that is typically used to notify a process that an event has occurred. That process can then respond to that the event accordingly. The C Standard provides functions for sending and handling signals within a C program.

...

Code Block
void (*signal(int sig, void (*func)(int)))(int);

This signal handler is conceptually equivalent to

...

Some platforms provide the ability to mask signals while a signal handler is being processed. If a signal is masked while its own handler is processed, the handler is noninterruptible and need not be async-signal-safe. However, even when a signal is masked while its own handler is processed, the handler must still avoid invoking async-signal-safe unsafe functions because their execution may be (or have been) interrupted by another signal.

Vulnerabilities can arise if a signal handler that is not async-signal-safe is interrupted with any unmasked signal, including its own.

...

POSIX recommends sigaction() and deprecates the use of signal() to register signal handlers. Unfortunately, sigaction() is not defined in the C Standard and is consequently not as portable a solution.

...

Interrupting a noninterruptible signal handler can result in a variety of vulnerabilities [Zalewski 2001].

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SIG00-C

high

High

likely

Likely

high

High

P9

L2

Automated Detection

Tool

Version

Checker

Description

PRQA QA-C Include PagePRQA_VPRQA_Vwarncall for signalPartially implemented

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
BADFUNC.SIGNALUse of signal
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5019
LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced enforcement
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-SIG00-a

The signal handling facilities of <signal.h> shall not be used

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Assistance provided: reports use of the signal function

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID SIG00-CPP. Mask signals handled by noninterruptible signal handlers
MITRE CWECWE-662, Insufficient synchronization

Bibliography

Section 5.2.3, "Signals and Interrupts"[Open Group 2004]
[C99 Rationale 2003]Subclause 5.2.3, "Signals and Interrupts"
[Dowd 2006]Chapter 13, "Synchronization and State" ("Signal Interruption and Repetition")
[
ISO/IEC 2003]
IEEE Std 1003.1:2013]XSH, System Interface,
longjmp
[OpenBSD]signal() Man Page
[Zalewski 2001]
 

...

"Delivering Signals for Fun and Profit"


...

Image Modified Image Modified Image Modified