security fix: check that cancel/rsyscall signal was sent by the process itself
authorRich Felker <dalias@aerifal.cx>
Thu, 10 Mar 2011 16:59:39 +0000 (11:59 -0500)
committerRich Felker <dalias@aerifal.cx>
Thu, 10 Mar 2011 16:59:39 +0000 (11:59 -0500)
src/thread/pthread_create.c

index 2098e75..9c24b84 100644 (file)
@@ -45,6 +45,7 @@ static void docancel(struct pthread *self)
 static void cancel_handler(int sig, siginfo_t *si, void *ctx)
 {
        struct pthread *self = __pthread_self();
+       if (si->si_code > 0 || si->si_pid != self->pid) return;
        self->cancel = 1;
        if (self->canceldisable || (!self->cancelasync && !self->cancelpoint))
                return;
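Review bot: The new guard in cancel_handler reads `si->si_pid` for every non-positive `si_code`, but that field is only defined for the user-send codes (SI_USER, SI_QUEUE, SI_TKILL); for SI_TIMER, SI_MESGQ or SI_ASYNCIO it aliases other siginfo members, and for queued signals the contents may be supplied by the sender rather than the kernel. If the library only ever raises this signal with tkill/tgkill (the sending side is outside this hunk, so this is an assumption), matching that code exactly is tighter: `if (si->si_code != SI_TKILL || si->si_pid != self->pid) return;`. The same condition is repeated in rsyscall_handler in the next hunk and would take the same change. A comment above the check such as `/* ignore signals that did not originate inside this process */` would record why it exists. cancel_handler's body continues past the end of the hunk.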
@@ -75,6 +76,8 @@ static struct {
 
 static void rsyscall_handler(int sig, siginfo_t *si, void *ctx)
 {
+       if (si->si_code > 0 || si->si_pid != __pthread_self()->pid) return;
+
        if (rs.cnt == libc.threads_minus_1) return;
 
        if (syscall6(rs.nr, rs.arg[0], rs.arg[1], rs.arg[2],
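Review bot: rsyscall_handler goes on to issue `syscall6(rs.nr, ...)` from the shared `rs` state, and the added sender check is the only visible test that ties the signal to a request actually in flight; a signal raised from inside the same process while no rsyscall is pending would still pass it. Whether `rs.cnt == libc.threads_minus_1` already covers the idle case depends on how `rs` is reset, which is outside this hunk. If it does not, an explicit in-progress flag set by the requester and tested first (a hypothetical field, e.g. `if (!rs.pending) return;`) would make the handler safe regardless of siginfo contents. The handler's body continues past the end of the hunk.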