blob: 73caf9d81bc9a6fd971027fbee236a08a2a55500 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
From: Alexander Naumov <alexander_naumov@opensuse.org>
Date: Mon, 30 Jan 2023 17:22:25 +0200
Subject: fix: missing signal sending permission check on failed query messages
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
CVE: CVE-2023-24626
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
socket.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/socket.c b/socket.c
index bb68b35..9d87445 100644
--- a/socket.c
+++ b/socket.c
@@ -1285,11 +1285,16 @@ ReceiveMsg()
else
queryflag = -1;
- Kill(m.m.command.apid,
+ if (CheckPid(m.m.command.apid)) {
+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+ }
+ else {
+ Kill(m.m.command.apid,
(queryflag >= 0)
? SIGCONT
: SIG_BYE); /* Send SIG_BYE if an error happened */
- queryflag = -1;
+ queryflag = -1;
+ }
}
break;
case MSG_COMMAND:
--
2.25.1
|
