Mining/miner/proxy/src/base/io/Signals.cpp
snider 8fb240967a fix: Address 9 security findings from code review (batch 6)
Security fixes:
- CRIT-012: Add compile-time bounds checking in Job::setBlob()
- CRIT-017: Add header count limit (64 max) to prevent DoS
- HIGH-005: Disable TLSv1.0 and TLSv1.1 (BEAST/POODLE vulnerable)
- HIGH-008: Document signal handler safety (libuv defers to event loop)
- HIGH-011: Fix memory leak in BindHost using String copy constructor
- HIGH-023: Document JSON type safety check in Client::parse()

Quality improvements:
- MED-002: Add security headers (X-Content-Type-Options, X-Frame-Options, CSP)
- MED-007: Add URL length validation (8KB limit)
- MED-009: Reduce self-signed cert validity from 10 years to 1 year

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 19:14:24 +00:00


/* XMRig
* Copyright (c) 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright (c) 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/kernel/interfaces/ISignalListener.h"
#include "base/io/log/Log.h"
#include "base/io/log/Tags.h"
#include "base/io/Signals.h"
#include "base/tools/Handle.h"
// Signal numbers watched by xmrig::Signals, one libuv watcher per entry.
// SIGUSR1 is included only on platforms whose headers define it.
//
// NOTE(review): kSignalsCount is declared in base/io/Signals.h (not shown here);
// presumably it is 4 when SIGUSR1 exists and 3 otherwise - confirm. If it were ever
// larger than the number of initializers below, the remaining slots would be
// zero-initialized and the constructor would try to watch signal number 0.
static const int signums[xmrig::Signals::kSignalsCount] = {
    SIGHUP,
    SIGINT,
    SIGTERM,
#   ifdef SIGUSR1
    SIGUSR1,
#   endif
};
/**
 * Creates one libuv signal watcher per entry of `signums` on the default loop and
 * starts it with Signals::onSignal as the callback.
 *
 * @param listener  object whose onSignal() is invoked from Signals::onSignal().
 *                  The pointer is stored as given; it is not checked for nullptr here.
 */
xmrig::Signals::Signals(ISignalListener *listener) :
    m_listener(listener)
{
#   ifndef XMRIG_OS_WIN
    // SIGPIPE is set to SIG_IGN, so no handler code of ours runs in async-signal
    // context for it. This is the only direct signal() call in this file.
    signal(SIGPIPE, SIG_IGN);
#   endif

    for (size_t index = 0; index < kSignalsCount; ++index) {
        // Named `watcher` rather than `signal` so the local does not shadow ::signal().
        auto *watcher = new uv_signal_t;

        // The static callback recovers this instance through the handle's data pointer.
        watcher->data    = this;
        m_signals[index] = watcher;

        // NOTE(review): the return codes of both libuv calls are discarded, so a watcher
        // that fails to start is not reported and that signal keeps whatever disposition
        // it had before - consider checking and logging them.
        uv_signal_init(uv_default_loop(), watcher);
        uv_signal_start(watcher, Signals::onSignal, signums[index]);
    }
}
/**
 * Passes every watcher created by the constructor to Handle::close().
 *
 * NOTE(review): Handle::close() comes from base/tools/Handle.h (not shown). The
 * uv_signal_t objects are allocated with `new` in the constructor and are not deleted
 * anywhere in this file, so presumably Handle::close() both closes the libuv handle and
 * releases the memory once the close has completed - confirm. Their `data` fields still
 * point at this object, so no callback may run on them after destruction.
 */
xmrig::Signals::~Signals()
{
    for (auto watcher : m_signals) {
        Handle::close(watcher);
    }
}
// NOTE (HIGH-008): This callback is invoked from the libuv event loop, NOT directly
// from a signal handler. libuv internally handles signal safety and defers to the
// event loop, making these LOG_* calls safe. Do NOT convert to direct signal() handler.
//
// Logs the received signal and then forwards its number to the registered listener.
// The log text says "exiting", but this function itself only logs and forwards;
// what happens next is decided by ISignalListener::onSignal() (not shown here).
//
// handle  watcher that fired; its data pointer was set to the owning Signals
//         instance in the constructor.
// signum  number of the signal that was delivered.
//
// NOTE(review): neither handle->data nor m_listener is checked for nullptr before use.
void xmrig::Signals::onSignal(uv_signal_t *handle, int signum)
{
    switch (signum) {
    case SIGHUP:
        LOG_WARN("%s " YELLOW("SIGHUP received, exiting"), Tags::signal());
        break;

    case SIGINT:
        LOG_WARN("%s " YELLOW("SIGINT received, exiting"), Tags::signal());
        break;

    case SIGTERM:
        LOG_WARN("%s " YELLOW("SIGTERM received, exiting"), Tags::signal());
        break;

#   ifdef SIGUSR1
    case SIGUSR1:
        // Logged through LOG_V5 rather than LOG_WARN, and without the "exiting" wording.
        LOG_V5("%s " WHITE_BOLD("SIGUSR1 received"), Tags::signal());
        break;
#   endif

    default:
        // Any other signal number is forwarded without a log line.
        break;
    }

    // Recover the owning instance stored in the handle by the constructor.
    auto *self = static_cast<Signals *>(handle->data);
    self->m_listener->onSignal(signum);
}