From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
From: Alexander Naumov <alexander_naumov@opensuse.org>
Date: Mon, 30 Jan 2023 17:22:25 +0200
Subject: fix: missing signal sending permission check on failed query messages

Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>

CVE: CVE-2023-24626
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 socket.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/socket.c b/socket.c
index bb68b35..9d87445 100644
--- a/socket.c
+++ b/socket.c
@@ -1285,11 +1285,16 @@ ReceiveMsg()
           else
             queryflag = -1;
 
-          Kill(m.m.command.apid,
+          if (CheckPid(m.m.command.apid)) {
+            Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+          }
+          else {
+            Kill(m.m.command.apid,
                (queryflag >= 0)
                    ? SIGCONT
                    : SIG_BYE); /* Send SIG_BYE if an error happened */
-          queryflag = -1;
+            queryflag = -1;
+          }
         }
         break;
       case MSG_COMMAND:
-- 
2.25.1