X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=IEHUhyREc1JFFc+9Td+fr5DKsoBclOB9SwAHZaAmHRTXbPyW1eo41
	sH8ZSSsOadLqZcf2hljugP2VYl9jrNk+raVwyny8w7ZJd7ZTIavyllotPErMP4Dj
	uN5uR9LaND78DMU63ZuuJ3BiRov+dr9LtcIubjzTmHTd2AiVX6591E=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=4+Ig03xIST0KW145cjmgnBsEEaQ=; b=yuDBbPr9E+Ry/SLtmEWj3bVqrhsn
	Kj1ixs0NFyzf1LUw34NTZDPgfIOrXKVjBBFKQvpd0PBbcYMTKxAMeZIjBOTI92kL
	LrVZEb7RMZHinXio559Oxl48qrxk77smLutNjNOH0ivWBwLZ57HMWUKc1H5BoCXl
	MDFsJlZLNQDXmyo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Thu, 26 Nov 2015 22:32:54 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: cygwin 2.3.1: '/bin/kill -l 0' dumps core
Message-ID: <20151126213254.GR2755@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <trinity-498ba847-57ba-4c83-be2b-8088ccf9deb0-1448551954691 AT 3capp-webde-bs11>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="acOuGx3oQeOcSZJu"
Content-Disposition: inline
In-Reply-To: <trinity-498ba847-57ba-4c83-be2b-8088ccf9deb0-1448551954691@3capp-webde-bs11>
User-Agent: Mutt/1.5.23 (2014-03-12)

--acOuGx3oQeOcSZJu
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Michael,

On Nov 26 16:32, mkwasigr AT web DOT de wrote:
> Hi all,
>=20
> I have just discovered that the command '/bin/kill -l 0' dumps core where=
=20
> bash's built in does not (well, it just displays 'T'...).
>=20
> NOTE: the signal spec after dash-ell is the number zero.
>=20
> Pls. find the output of cygcheck and the callstack attached to this mail.
>=20
> Short analysis: kill.cc: main() calls listsig() with arg "0". getsig()=20
> gets called with same arg. getsig() build string "SIG0" in local buf=20
> and gives that to strtosigno() which returns 0.
>=20
> Then I suspect the bug in line 96 of kill.cc, the end of getsig():
> if (!intsig && (strcmp (buf, "SIG0") !=3D 0 && (strtol (in_sig, &p, 10) !=
=3D 0
> || *p)))
> intsig =3D -1;
> return intsig;
>=20
> intsig should be set to -1 either if intsig =3D=3D 0 or if buf is not "SI=
G0"
> and strtol() returns 0 or fails, so line 96 should read
> if (!intsig || (strcmp (buf, "SIG0") !=3D 0 && (strtol (in_sig, &p, 10) !=
=3D 0=20
> || *p)))=20
>=20
> This sets intsig to -1 and returns from getsig().=20
>=20
> Without that change intsig would remain zero causing the SEGV in listsig(=
)=20
> in line 125 where puts() is called, so another security fix in strsigno()=
=20
> appears to be necessary to avoid calling puts(sys_sigabbrev[0]+3); which=
=20
> is most likely the cause of the SEGV (I could not find the array's=20
> definition so I could not verify this).=20
>=20
> So line 125=20
> if (signo >=3D 0 && signo < NSIG)=20
> should rather read=20
> if (signo > 0 && signo < NSIG)=20
>=20
> Sorry but all I can provide this a simple patch (attached) but I'm unable=
=20
> to test it myself.

Thanks.  I changed the patch slightly to get the same output as
kill from util-linux:

  $ kill -l 0
  0

I checked this in.  Thanks for the report and the patch.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--acOuGx3oQeOcSZJu
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWV3qGAAoJEPU2Bp2uRE+gR0kP/At/pU7aVCYlBpnjv+tDWBS4
lkfzLfm3c2NjspuUpNvpp2bbvyPfVAyN6T+KbrVszxnLjyI4RD+JDFPe9jJM1F4/
rrDA+d/rohxmFKYnd3cnCdfpf6TqBPDDOU5k+OoQUT8kuXNQxef3taP9YXY6tFXx
XNXRN1AsJTvDTTOitP7/8Hu2ruGykiUJG5sCqItnORhwDvdVed9eYFsmw9AkHRjL
M4Smfrepg3L5NbkJZUjliPvc1RkepCC6qHjfObLNuT1f0rBAxc1GsuZYU+d6J4aw
pR8S/Gqm/wTFErigEYKXeMjY19j5g2CCkkB7/kbDAxAiNibPawQDt12p2yx2Q9Z6
ktzokvIb6r55v9XFi5RogOhQGgejrSk/vUav8njQ0KvrbBWA+qFgISRvLDTAVPat
E+U9f6yPXllAQNPt25IUb5M4CvsnQ34kZ5essQ1d9Y/CJr6kx+2vRcvlYqb4fDQG
9DD+KCxNa+VPvl/QnwzcHoT12Iz0wt/S3LXVZSaJ3khErncTr2eT0cCnpwRZvNkY
6O30sHzakjNhhm2X3XWnbO1GRSVx2xGMIjX/5qoqjZYbq6GxIaAGAWZrsR8Uw2Hk
xCQg3F1P0RWxb3h9G4eXswLJEPFbnK/OzubKARv42ffW+owsC0F74QDT3GfNsf0P
GBguwIqEEM1rtpX3f82+
=Tz//
-----END PGP SIGNATURE-----

--acOuGx3oQeOcSZJu--