From bf1e2c07977d6b987f7a976bb9e5b6bdd1ad3986 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Mon, 25 May 2026 15:12:57 +0000 Subject: [PATCH] thr_kill2: Respect p_cansignal() Approved by: so Security: FreeBSD-SA-26:25.thr Security: CVE-2026-45256 Reported by: Igor Gabriel Sousa e Souza Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Reviewed by: emaste, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57237 --- sys/kern/kern_thr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c index 4329959a2ef..4a439eee021 100644 --- a/sys/kern/kern_thr.c +++ b/sys/kern/kern_thr.c @@ -506,7 +506,7 @@ sys_thr_kill2(struct thread *td, struct thr_kill2_args *uap) p = ttd->td_proc; AUDIT_ARG_PROCESS(p); error = p_cansignal(td, p, uap->sig); - if (uap->sig == 0) + if (error != 0 || uap->sig == 0) ; else if (!_SIG_VALID(uap->sig)) error = EINVAL;
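Review bot: In the changed condition `if (error != 0 || uap->sig == 0)`, a permission failure from p_cansignal() is handled by falling into the empty `;` body, so the security-relevant early exit is easy to overlook and easy to break in a later edit of the else-if chain. Consider a short comment on that branch saying that a nonzero error from p_cansignal() must skip signal validation and everything after it, or make the error check its own explicit branch ahead of the sig == 0 case. Also worth confirming the resulting error precedence: a caller who fails p_cansignal() and passes an invalid signal number now gets the p_cansignal() error instead of EINVAL, because the `!_SIG_VALID(uap->sig)` test is no longer reached. The commit message has no body. A sentence stating that, before this change, the chain continued regardless of the p_cansignal() result whenever sig was nonzero would help readers of the log. A regression test that calls thr_kill2() against a process the caller is not permitted to signal would keep the check in place.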