fix errors in sigqueue (potential information leak, wrong behavior)

1. any padding in the siginfo struct was not necessarily zero-filled, so it might have contained private data off the caller's stack. 2. the uid and pid must be filled in from userspace. the previous rsyscall fix broke rsyscalls because the values were always incorrect.

fix errors in sigqueue (potential information leak, wrong behavior)
1. any padding in the siginfo struct was not necessarily zero-filled, so it might have contained private data off the caller's stack. 2. the uid and pid must be filled in from userspace. the previous rsyscall fix broke rsyscalls because the values were always incorrect.
dc54a7cb · Rich Felker · 52213f73 · dc54a7cb
隐藏空白更改
内联并排

Showing with 7 addition and 5 deletion

src/signal/sigqueue.c src/signal/sigqueue.c +7 -5

未找到文件。
--- a/src/signal/sigqueue.c
+++ b/src/signal/sigqueue.c
@@ -5,10 +5,12 @@

 int sigqueue(pid_t pid, int sig, const union sigval value)
 {
-	siginfo_t si = {
-		.si_signo = sig,
-		.si_code = -1,
-		.si_value = value,
-	};
+	siginfo_t si;
+	memset(&si, 0, sizeof si);
+	si.si_signo = sig;
+	si.si_code = SI_QUEUE;
+	si.si_value = value;
+	si.si_pid = getpid();
+	si.si_uid = getuid();
 	return syscall3(__NR_rt_sigqueueinfo, pid, sig, (long)&si);
 }