From dc54a7cbb9f0aad6f614131ecc683fbb0b717115 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Thu, 10 Mar 2011 18:26:29 -0500
Subject: fix errors in sigqueue (potential information leak, wrong behavior)

1. any padding in the siginfo struct was not necessarily zero-filled,
so it might have contained private data off the caller's stack.

2. the uid and pid must be filled in from userspace. the previous
rsyscall fix broke rsyscalls because the values were always incorrect.
---
 src/signal/sigqueue.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'src/signal/sigqueue.c')

diff --git a/src/signal/sigqueue.c b/src/signal/sigqueue.c
index ce3abf6c..b8135d56 100644
--- a/src/signal/sigqueue.c
+++ b/src/signal/sigqueue.c
@@ -5,10 +5,12 @@
 
 int sigqueue(pid_t pid, int sig, const union sigval value)
 {
-	siginfo_t si = {
-		.si_signo = sig,
-		.si_code = -1,
-		.si_value = value,
-	};
+	siginfo_t si;
+	memset(&si, 0, sizeof si);
+	si.si_signo = sig;
+	si.si_code = SI_QUEUE;
+	si.si_value = value;
+	si.si_pid = getpid();
+	si.si_uid = getuid();
 	return syscall3(__NR_rt_sigqueueinfo, pid, sig, (long)&si);
 }
-- 
cgit v1.2.1