| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
Information for Editors |
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable |
|---|
A signal is an interrupt that is used to notify a process that an event has occurred. That process can then respond to that event accordingly. ISO/IEC 9899-1999 C provides functions for sending and handling signals within a C program.
Signals are handled by a process by registering a signal handler using the signal() function, which is specified as:
| Code Block |
|---|
void (*signal(int sig, void (*func)(int)))(int);
|
There is also a POSIX implementation, that offers more control over how signals are processed.
Improper handling of signals can lead to security vulnerabilities. The following rules and recommendations are designed to reduce the common errors associated with signal handling.
Implementation Details
It is important to note that the signal function behaves a little differently in Windows than it does on Linux/BSD systems. When a signal handler is installed with the signal function in Windows, after the signal is triggered once, the default action is restored for that signal. Conversely, Linux/BSD systems leave the signal handler defined by the user in place until it is explicitly removed. If you desire this latter behavior on a Windows system, a standards-compliant solution is to rebind the signal to the handler in the first line of the handler itself:
| Code Block |
|---|
void handler(int signum) {
signal(signum, handler);
/* rest of handling code */
}
|
Rules
SIG30-C. Do not call non-reentrant functions within signal handlers
SIG31-C. Do not access or modify shared objects in signal handlers
SIG32-C. Do not call longjmp() from inside a signal handler
Risk Assessment Summary
Rules
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SIG30-C | 3 (high) | 3 (likely) | 1 (high) | P9 | High | Likely | Yes | No | P18 | L1 L2 | |||||||
| SIG31-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 | SIG32-C | 2 (medium) | 3 (likely) | 1 (high) | P6 | L2 High | Likely | Yes | No | P18 | L1 | |
| SIG34-C | Low | Unlikely | Yes | No | P2 | L3 | |||||||||||
| SIG35-C | Low | Unlikely | No | No | P1 | L3 |
Related Rules and Recommendations
| Navigation Map | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...