unchecked signal numbers in RT functions

To: <tech-kern%netbsd.org@localhost>
Subject: unchecked signal numbers in RT functions
From: Matthias Drochner <M.Drochner%fz-juelich.de@localhost>
Date: Wed, 9 Dec 2009 22:15:09 +0100

Hi -
if sigismember(9) et al. are used against an unchecked signal number
the kernel can be crashed - just see the definition of __sigword()
in <sys/sigtypes.h>.
Now some of the new RT functions, in particular those using
a "struct sigevent" argument, don't check the sigev_signo
value. This comprises a local DOS problem.
What to do here? While returning EINVAL on invalid signal numbers
sounds most logical, POSIX doesn't mention this possibility.
One could also clip the __sigword result or translate invalid values
into a reasonable default, but this would most likely lead to
applications failing in strange ways.
Opinions? The problematic syscalls I've found so far are
mq_notify() and timer_create().

best regards
Matthias



------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

#include <stdio.h>
#include <err.h>
#include <mqueue.h>
#include <string.h>

int
main()
{
        mqd_t m;
        struct sigevent n;
        int res;

        m = mq_open("/mist", O_RDWR|O_CREAT, 7, NULL);
        if (m == (mqd_t)-1)
                err(1, "mq_open");

        memset(&n, 0, sizeof(n));
        n.sigev_notify = SIGEV_SIGNAL;
        res = mq_notify(m, &n);
        if (res == -1)
                err(1, "mq_notify");

        res = mq_send(m, "mist", 4, 0);
        if (res == -1)
                err(1, "mq_send");

        return 0;
}

Follow-Ups:
- Re: unchecked signal numbers in RT functions
  - From: Joerg Sonnenberger

Prev by Date: Re: WD_QUIRK_FORCE_LBA48
Next by Date: Re: unchecked signal numbers in RT functions
Previous by Thread: fileops fodrain()
Next by Thread: Re: unchecked signal numbers in RT functions
Indexes:

Home | Main Index | Thread Index | Old Index