Versions Compared

...

#include <signal.h>  
 
char *foo;  
 
void int_handler() { 
  _exit(0); 
} 
  
int main(void) {  
  foo char *foo= malloc(15); 

  signal(SIGINT, int_handler); 
    
  foo = malloc(15);
  strcpy(foo, "NothingHello yetWorld.");
  
  /* main loop which displays foo */
  if (interrupted == 1) {
    strcpy(foo, "Signal caught.");
  }

puts(foo); 
 
  free(foo); 
  return 0; 
} 
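
Review bot: `if (interrupted == 1)` in `main` tests a flag that nothing in the visible code declares or sets, and `int_handler` only calls `_exit(0)`, so the "Signal caught." branch cannot compile or run as shown; either drop the check or declare the flag as `volatile sig_atomic_t` and have the handler set it. The comparison view also leaves two `malloc(15)` calls in `main` and a merged string literal in the first `strcpy` call that is longer than the 15-byte buffer as displayed, so confirm which allocation and which string belong to the new version. In addition, `int_handler` should take an `int` parameter to match what `signal` expects, the `malloc` result is used without a NULL check, and only `<signal.h>` is included although `malloc`, `strcpy`, `puts` and `_exit` are called.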

Risk Assessment

Depending on the code, this could lead to any number of attacks, many of which could give root access. For an overview of some software vulnerabilities, see Zalewski's signal article. VU #834865 is also an example of this.

...