Hi Michael,

On Nov 26 16:32, mkwas...@web.de wrote:
> Hi all,
>
> I have just discovered that the command '/bin/kill -l 0' dumps core where
> bash's built-in does not (well, it just displays 'T'...).
>
> NOTE: the signal spec after dash-ell is the number zero.
>
> Pls. find the output of cygcheck and the callstack attached to this mail.
>
> Short analysis: kill.cc: main() calls listsig() with arg "0". getsig()
> gets called with the same arg. getsig() builds the string "SIG0" in local buf
> and gives that to strtosigno() which returns 0.
>
> Then I suspect the bug in line 96 of kill.cc, the end of getsig():
>   if (!intsig && (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0 || *p)))
>     intsig = -1;
>   return intsig;
>
> intsig should be set to -1 either if intsig == 0 or if buf is not "SIG0"
> and strtol() returns 0 or fails, so line 96 should read
>   if (!intsig || (strcmp (buf, "SIG0") != 0 && (strtol (in_sig, &p, 10) != 0 || *p)))
>
> This sets intsig to -1 and returns from getsig().
>
> Without that change intsig would remain zero causing the SEGV in listsig()
> in line 125 where puts() is called, so another security fix in strsigno()
> appears to be necessary to avoid calling puts(sys_sigabbrev[0]+3); which
> is most likely the cause of the SEGV (I could not find the array's
> definition so I could not verify this).
>
> So line 125
>   if (signo >= 0 && signo < NSIG)
> should rather read
>   if (signo > 0 && signo < NSIG)
>
> Sorry but all I can provide is a simple patch (attached) but I'm unable
> to test it myself.

Thanks.  I changed the patch slightly to get the same output as kill
from util-linux:

  $ kill -l 0
  0

I checked this in.

Thanks for the report and the patch.
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
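
Added example, not part of the original thread and not Cygwin's kill.cc: a small C model of the failure discussed above, where a name table has an empty slot for signal 0 and the lookup adds an offset to skip the "SIG" prefix. The table, DEMO_NSIG and the demo_* functions are hypothetical; the empty slot 0 is the assumption the report itself could not verify.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a signal-abbreviation table. Slot 0 is empty,
   as the report suspects of sys_sigabbrev[0]. Not Cygwin's real table. */
#define DEMO_NSIG 4
static const char *const demo_sigabbrev[DEMO_NSIG] =
    { NULL, "SIGHUP", "SIGINT", "SIGQUIT" };

/* Parse a decimal signal spec; -1 for empty, trailing junk or out of range. */
static int demo_parse_signo(const char *spec)
{
    char *end;
    long n;

    if (spec == NULL || *spec == '\0')
        return -1;
    n = strtol(spec, &end, 10);
    if (*end != '\0' || n < 0 || n >= DEMO_NSIG)
        return -1;
    return (int)n;
}

/* Write what "-l <spec>" would print into out; 0 on success, -1 if invalid.
   A slot without a name is echoed as its number, so the NULL pointer is
   never offset and dereferenced. This matches the "0" output quoted above. */
static int demo_list_one(const char *spec, char *out, size_t outlen)
{
    int signo = demo_parse_signo(spec);

    if (signo < 0)
        return -1;
    if (signo == 0 || demo_sigabbrev[signo] == NULL)
        snprintf(out, outlen, "%d", signo);
    else
        snprintf(out, outlen, "%s", demo_sigabbrev[signo] + 3); /* skip "SIG" */
    return 0;
}

int main(void)
{
    const char *specs[] = { "0", "2", "9", "2x", "" }; /* constructed inputs */
    char buf[16];

    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("'%s' -> %s\n", specs[i],
               demo_list_one(specs[i], buf, sizeof buf) == 0 ? buf : "invalid");
    return 0;
}
```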