Insecure signal() API usage
Description
The signal() API is deprecated and should be replaced with sigaction() to prevent race conditions when handling multiple signals.
Examples
Insecure Code
```c
signal(SIGINT, signal_handler);
```
Secure Code
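```c
struct sigaction sa;
sa.sa_handler = signal_handler;
sigemptyset(&sa.sa_mask);   /* block no additional signals while the handler runs */
sa.sa_flags = 0;            /* set flags explicitly; uninitialized fields give unpredictable behavior */
sigaction(SIGINT, &sa, NULL);
```
Remediation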
Replace signal() with sigaction() to specify the desired behavior for concurrent signals.
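The following is an added example, not part of the original rule text, showing what sigaction() lets you specify for concurrent signals: with both signals in sa_mask, a SIGTERM that arrives during the SIGINT handler stays pending instead of nesting inside it. The names on_signal, install_handlers and max_nesting are assumptions made for this illustration, and the raise(SIGTERM) inside the handler only simulates a second signal arriving mid-handler.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t depth, max_depth;

/* Shared handler. On SIGINT it raises SIGTERM (async-signal-safe) to
   simulate a second signal arriving while the first is being handled. */
static void on_signal(int signo)
{
    if (++depth > max_depth)
        max_depth = depth;
    if (signo == SIGINT)
        raise(SIGTERM);
    depth--;
}

/* With mask_peers set, sa_mask blocks both signals while either handler
   runs, so the second signal stays pending instead of nesting. */
static int install_handlers(int mask_peers)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);      /* no uninitialized flags or mask */
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    if (mask_peers) {
        sigaddset(&sa.sa_mask, SIGINT);
        sigaddset(&sa.sa_mask, SIGTERM);
    }
    if (sigaction(SIGINT, &sa, NULL) != 0)
        return -1;
    return sigaction(SIGTERM, &sa, NULL);
}

/* Deliver one SIGINT; return the deepest handler nesting observed. */
int max_nesting(int mask_peers)
{
    depth = max_depth = 0;
    if (install_handlers(mask_peers) != 0)
        return -1;
    raise(SIGINT);
    return max_depth;
}

int main(void)
{
    printf("empty sa_mask: nesting depth %d\n", max_nesting(0));
    printf("peers masked:  nesting depth %d\n", max_nesting(1));
}
```

A nesting depth of 2 means the handler was re-entered while it was still updating shared state, which is the condition CWE-364 describes; masking the peer signal keeps the depth at 1.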
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0642 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-364 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | signal, sigaction, race condition |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/364
- https://cwe.mitre.org/data/definitions/828
- https://cwe.mitre.org/data/definitions/479