cygwin 2.3.1: '/bin/kill -l 0' dumps core
Corinna Vinschen
corinna-cygwin@cygwin.com
Fri Nov 27 06:47:00 GMT 2015
Hi Michael,
On Nov 26 16:32, mkwasigr@web.de wrote:
> Hi all,
>
> I have just discovered that the command '/bin/kill -l 0' dumps core where
> bash's built-in does not (well, it just displays 'T'...).
>
> NOTE: the signal spec after dash-ell is the number zero.
>
> Pls. find the output of cygcheck and the callstack attached to this mail.
>
> Short analysis: kill.cc: main() calls listsig() with arg "0". getsig()
> gets called with the same arg. getsig() builds the string "SIG0" in local buf
> and gives that to strtosigno() which returns 0.
>
> Then I suspect the bug in line 96 of kill.cc, the end of getsig():
>     if (!intsig && (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0
>                     || *p)))
>       intsig = -1;
>     return intsig;
>
> intsig should be set to -1 either if intsig == 0 or if buf is not "SIG0"
> and strtol() returns 0 or fails, so line 96 should read
>     if (!intsig || (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0
>                     || *p)))
>
> This sets intsig to -1 and returns from getsig().
>
> Without that change intsig would remain zero causing the SEGV in listsig()
> in line 125 where puts() is called, so another security fix in strsigno()
> appears to be necessary to avoid calling puts(sys_sigabbrev[0]+3); which
> is most likely the cause of the SEGV (I could not find the array's
> definition so I could not verify this).
>
> So line 125
>     if (signo >= 0 && signo < NSIG)
> should rather read
>     if (signo > 0 && signo < NSIG)
>
> Sorry but all I can provide is a simple patch (attached) but I'm unable
> to test it myself.

Thanks. I changed the patch slightly to get the same output as
kill from util-linux:

  $ kill -l 0
  0

I checked this in. Thanks for the report and the patch.

Corinna

--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
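
Added example (not Cygwin's kill.cc and not the committed patch): the range check discussed in this thread, applied to a constructed name table whose slot 0 is assumed to hold no name. `demo_sigabbrev`, `DEMO_NSIG`, `parse_signum` and `list_signal` are hypothetical names; for spec 0 the number itself is returned, matching the `kill -l 0` output shown above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table standing in for the real signal-name array (assumption):
   slot 0 has no name, so an unguarded "name + 3" lookup there is unsafe. */
static const char *const demo_sigabbrev[] = {
    NULL, "SIGHUP", "SIGINT", "SIGQUIT", "SIGILL", "SIGTRAP", "SIGABRT"
};
#define DEMO_NSIG ((int)(sizeof demo_sigabbrev / sizeof demo_sigabbrev[0]))

/* Parse a purely numeric signal spec; -1 on junk, overflow or out of range. */
static int parse_signum(const char *spec)
{
    char *end;
    long v;
    if (spec == NULL || *spec == '\0')
        return -1;
    v = strtol(spec, &end, 10);
    if (*end != '\0' || v < 0 || v >= DEMO_NSIG)
        return -1;
    return (int)v;
}

/* Write the text a "kill -l <spec>" style listing would print into out.
   Returns 0 on success, -1 if the spec is not a listable signal. */
int list_signal(const char *spec, char *out, size_t outlen)
{
    int signo = parse_signum(spec);
    if (signo < 0)
        return -1;
    if (signo == 0 || demo_sigabbrev[signo] == NULL) {
        /* No name to strip "SIG" from: emit the number instead. */
        snprintf(out, outlen, "%d", signo);
        return 0;
    }
    snprintf(out, outlen, "%s", demo_sigabbrev[signo] + 3);
    return 0;
}

int main(void)
{
    char buf[16];
    const char *specs[] = { "0", "2", "6", "99", "1x" };
    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("%-3s -> %s\n", specs[i],
               list_signal(specs[i], buf, sizeof buf) == 0 ? buf : "(invalid)");
    return 0;
}
```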