The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=bf1e2c07977d6b987f7a976bb9e5b6bdd1ad3986
commit bf1e2c07977d6b987f7a976bb9e5b6bdd1ad3986 Author: Mark Johnston <[email protected]> AuthorDate: 2026-05-25 15:12:57 +0000 Commit: Mark Johnston <[email protected]> CommitDate: 2026-06-09 19:13:21 +0000 thr_kill2: Respect p_cansignal() Approved by: so Security: FreeBSD-SA-26:25.thr Security: CVE-2026-45256 Reported by: Igor Gabriel Sousa e Souza Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Reviewed by: emaste, kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57237 --- sys/kern/kern_thr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c index 4329959a2ef4..4a439eee0210 100644 --- a/sys/kern/kern_thr.c +++ b/sys/kern/kern_thr.c @@ -506,7 +506,7 @@ sys_thr_kill2(struct thread *td, struct thr_kill2_args *uap) p = ttd->td_proc; AUDIT_ARG_PROCESS(p); error = p_cansignal(td, p, uap->sig); - if (uap->sig == 0) + if (error != 0 || uap->sig == 0) ; else if (!_SIG_VALID(uap->sig)) error = EINVAL;
