You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Referring to the value of errno after a signal occurred other than as the result of calling the abort() or raise() function and the corresponding signal handler obtained a SIG_ERR return from a call to the signal() function.

Non-Compliant Code Example

If the request to register a signal handler can be honored, the signal() function returns the value of the signal handler for the most recent successful call to the signal() function for the specified signal. Otherwise, a value of
SIG_ERR is returned and a positive value is stored in errno.

#include <signal.h>
#include <stdlib.h>
#include <string.h>

typedef void (*pfv)(int);

void handler(int signum) {
  pfv old_handler = signal(signum, handler);
  if (old_handler == SIG_ERR) {
    perror("SIGINT handler"); /* undefined behavior */
    /* handle error condition */
  }
  strcpy(err_msg, "SIGINT encountered.");
}

int main(void) {
  pfv old_handler = signal(SIGINT, handler);
  if (old_handler == SIG_ERR) {
    perror("SIGINT handler");
    /* handle error condition */
  }

  /* main code loop */

  return 0;
}

Compliant Solution

The compliant solution does not reference errno.

#include <signal.h>
#include <stdlib.h>
#include <string.h>

typedef void (*pfv)(int);

void handler(int signum) {
  pfv old_handler = signal(signum, handler);
  if (old_handler == SIG_ERR) {
    /* handle error condition */
  }
}

int main(void) {
  pfv old_handler = signal(SIGINT, handler);
  if (old_handler == SIG_ERR) {
    perror("SIGINT handler");
    /* handle error condition */
  }

  /* main code loop */

  return 0;
}

Risk Assessment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR32-C

1 (low)

1 (unlikely)

3 (low)

P3

L3

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899-1999]] Section 7.14.1.1, "The signal function"


ERR31-C. Don't redefine errno      13. Error Handling (ERR)       ERR33-C. Only examine the value of errno when it is indicated to be valid by a function's return value

  • No labels