This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: cygwin 2.3.1: '/bin/kill -l 0' dumps core


Hi Michael,

On Nov 26 16:32, mkwasigr@web.de wrote:
> Hi all,
> 
> I have just discovered that the command '/bin/kill -l 0' dumps core where 
> bash's built-in does not (well, it just displays 'T'...).
> 
> NOTE: the signal spec after dash-ell is the number zero.
> 
> Pls. find the output of cygcheck and the callstack attached to this mail.
> 
> Short analysis: kill.cc: main() calls listsig() with arg "0". getsig() 
> gets called with same arg. getsig() builds string "SIG0" in local buf 
> and gives that to strtosigno() which returns 0.
> 
> Then I suspect the bug in line 96 of kill.cc, the end of getsig():
> if (!intsig && (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0
> || *p)))
> intsig = -1;
> return intsig;
> 
> intsig should be set to -1 either if intsig == 0 or if buf is not "SIG0"
> and strtol() returns 0 or fails, so line 96 should read
> if (!intsig || (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0 
> || *p))) 
> 
> This sets intsig to -1 and returns from getsig(). 
> 
> Without that change intsig would remain zero causing the SEGV in listsig() 
> in line 125 where puts() is called, so another security fix in strsigno() 
> appears to be necessary to avoid calling puts(sys_sigabbrev[0]+3); which 
> is most likely the cause of the SEGV (I could not find the array's 
> definition so I could not verify this). 
> 
> So line 125 
> if (signo >= 0 && signo < NSIG) 
> should rather read 
> if (signo > 0 && signo < NSIG) 
> 
> Sorry, but all I can provide is a simple patch (attached), but I'm unable 
> to test it myself.

Thanks.  I changed the patch slightly to get the same output as
kill from util-linux:

  $ kill -l 0
  0

I checked this in.  Thanks for the report and the patch.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
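
The failure mode discussed in this thread, as an added example that is not part of the original mails and is not Cygwin's kill.cc: a signal-name table whose slot 0 is empty must not be indexed and offset by 3 for signal 0, and a parsed value of 0 must stay distinct from a parse failure. The table `demo_sigabbrev` and the functions `parse_signo` and `list_signal` are hypothetical names constructed for illustration; the empty slot 0 is the assumption made in the report above.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a signal-abbreviation table. Slot 0 is empty,
   as the report assumes; this is not Cygwin's real sys_sigabbrev. */
#define DEMO_NSIG 4
static const char *const demo_sigabbrev[DEMO_NSIG] = {
    NULL, "SIGHUP", "SIGINT", "SIGQUIT"
};

/* Parse a decimal signal spec. Returns the signal number, or -1 when the
   text is not a clean, in-range decimal. 0 is a valid result, so the
   caller can tell "signal 0" apart from "could not parse". */
static int parse_signo(const char *spec)
{
    char *end;
    long v;

    if (spec == NULL || *spec == '\0')
        return -1;
    errno = 0;
    v = strtol(spec, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0 || v >= DEMO_NSIG)
        return -1;
    return (int) v;
}

/* Write what a "kill -l <spec>" style listing would print into out.
   Returns 0 on success, -1 for an unknown signal spec. */
int list_signal(const char *spec, char *out, size_t outlen)
{
    int signo = parse_signo(spec);

    if (signo < 0)
        return -1;
    if (signo == 0 || demo_sigabbrev[signo] == NULL) {
        /* No name for this slot: print the number instead of computing
           NULL + 3 and handing it to a string function. */
        snprintf(out, outlen, "%d", signo);
        return 0;
    }
    /* Entry is known to be non-NULL here, so skipping "SIG" is safe. */
    snprintf(out, outlen, "%s", demo_sigabbrev[signo] + 3);
    return 0;
}
```
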
