
Commit cf6b49e

authored
Merge pull request open-wallet-standard#112 from franklad/feat/signal-handler-sigquit-sigabrt
feat: add SIGQUIT and panic hook to signal handler
2 parents 85bc913 + bb7577a commit cf6b49e

1 file changed

Lines changed: 18 additions & 5 deletions


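--- a/ows/crates/ows-signer/src/process_hardening.rs
+++ b/ows/crates/ows-signer/src/process_hardening.rs
@@ -4,7 +4,8 @@
 //! core dumps, debugger attachment, or memory swapping.
 //!
 //! Also provides signal-based cleanup hooks so that cached key material
-//! is zeroized on SIGTERM, SIGINT, or SIGHUP before the process exits.
+//! is zeroized on SIGTERM, SIGINT, SIGHUP, or SIGQUIT before the process exits.
+//! A panic hook ensures cleanup also runs on Rust panics (covering the SIGABRT path).
 
 use std::sync::{Mutex, OnceLock};
 
@@ -46,14 +47,19 @@ fn run_cleanup_hooks() {
 }
 }
 
-/// Install signal handlers for SIGTERM, SIGINT, and SIGHUP.
+/// Install signal handlers for SIGTERM, SIGINT, SIGHUP, and SIGQUIT.
 ///
 /// Spawns a background thread that waits for any of these signals,
 /// runs all registered cleanup hooks (zeroizing cached keys), then exits.
+///
+/// Also installs a panic hook so that cleanup runs on Rust panics
+/// (the primary path to SIGABRT, which cannot be safely intercepted
+/// via signal handlers).
+///
 /// Must be called at most once; subsequent calls are no-ops.
 #[cfg(unix)]
 pub fn install_signal_handlers() {
-use signal_hook::consts::{SIGHUP, SIGINT, SIGTERM};
+use signal_hook::consts::{SIGHUP, SIGINT, SIGQUIT, SIGTERM};
 use signal_hook::iterator::Signals;
 use std::sync::atomic::{AtomicBool, Ordering};
 
@@ -62,8 +68,15 @@ pub fn install_signal_handlers() {
 return;
 }
 
-let mut signals =
-Signals::new([SIGTERM, SIGINT, SIGHUP]).expect("failed to register signal handlers");
+// Capture the default panic hook so we can chain after cleanup.
+let default_hook = std::panic::take_hook();
+std::panic::set_hook(Box::new(move |info| {
+run_cleanup_hooks();
+default_hook(info);
+}));
+
+let mut signals = Signals::new([SIGTERM, SIGINT, SIGHUP, SIGQUIT])
+.expect("failed to register signal handlers");
 
 std::thread::Builder::new()
 .name("ows-signal-handler".into())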
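Review bot: The new panic hook calls `run_cleanup_hooks()` on whichever thread panicked, and nothing in this hunk guards against that call blocking or panicking itself. The file imports `std::sync::Mutex` and the body of `run_cleanup_hooks` is outside the hunk; if it takes a lock the panicking thread already holds, or a registered hook panics, the process would presumably hang or abort before the remaining key material is zeroized and before `default_hook(info)` reports the original panic. It is worth confirming that `run_cleanup_hooks` acquires its lock with `try_lock` or recovers from poisoning (`lock().unwrap_or_else(|e| e.into_inner())`) and never unwinds. The hook also fires for panics that are later caught or confined to a worker thread, while aborts that do not start as a Rust panic (for example `std::process::abort`) bypass it, so the doc comment should say so, e.g. `/// The panic hook runs on every panic in any thread; aborts not caused by a panic skip cleanup.`. `install_signal_handlers` continues past the end of the last hunk.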
