Use of deprecated signal() API instead of sigaction()

ID

c.race_condition.insecure_api_signal

Severity

low

Resource

Race Condition

Language

C / C++

Description

The signal() API should be regarded as deprecated. Where possible, use sigaction() instead: it lets you specify precisely how the program behaves when two signals arrive in quick succession, which prevents many race conditions.

Rationale

The signal() API should be regarded as deprecated. Where possible, use sigaction() instead: it lets you specify precisely how the program behaves when two signals arrive in quick succession, which prevents many race conditions.

The following code illustrates a vulnerable pattern detected by this rule:

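#include <signal.h>
#include <string.h>
#include <unistd.h>

char *logMessage;
/* Signal handler; its definition is not shown on this page. */
void handler(int sigNum);

int main(int argc, char *argv[])
{
	/* argv[1] must exist before it is copied. */
	if (argc < 2)
		return 1;
	logMessage = strdup(argv[1]);

	// VULNERABLE: Use of deprecated signal() API instead of sigaction()
	signal(SIGHUP, handler);
	// VULNERABLE: Use of deprecated signal() API instead of sigaction()
	signal(SIGTERM, handler);

	sleep(10);

	return 0;
}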

Remediation

Replace calls to signal() with sigaction(), as described above. Follow secure coding practices and review the references below for detailed remediation guidance.
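One way to rewrite the flagged pattern with sigaction() is shown here as an added example; it is not code from this rule or its references. The names install_handler, handler_blocks and pending_signal are hypothetical, and the handler is assumed to do nothing but record the signal number, so that each handler runs with the other signal blocked and the disposition is never reset.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* The handler only records the signal number; logging and cleanup of
 * shared state belong in normal program flow, outside signal context. */
static volatile sig_atomic_t pending_signal = 0;

static void handler(int signo)
{
	pending_signal = signo;
}

/* Install fn for signo; SIGHUP and SIGTERM stay blocked while it runs. */
static int install_handler(int signo, void (*fn)(int))
{
	struct sigaction sa;

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = fn;
	sigemptyset(&sa.sa_mask);
	sigaddset(&sa.sa_mask, SIGHUP);
	sigaddset(&sa.sa_mask, SIGTERM);
	sa.sa_flags = SA_RESTART; /* no SA_RESETHAND, no SA_NODEFER */
	return sigaction(signo, &sa, NULL);
}

/* Returns 1 if the handler installed for signo runs with other blocked. */
static int handler_blocks(int signo, int other)
{
	struct sigaction cur;

	if (sigaction(signo, NULL, &cur) != 0)
		return -1;
	return sigismember(&cur.sa_mask, other);
}

int main(void)
{
	if (install_handler(SIGHUP, handler) != 0 ||
	    install_handler(SIGTERM, handler) != 0)
		return 1;

	sleep(10); /* returns early when a handled signal arrives */

	/* Act on pending_signal here, in normal program flow. */
	return 0;
}
```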

Configuration

This detector does not need any configuration.