Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 8e7b46e2350c3689938f309eaca929aada20b5a0 / . / poky / meta / recipes-extended / screen / screen / signal-permission.patch
blob: 77dc649090a99a4a191aa56374b89e1d69a3fa2b [file] [log] [blame]
Patrick Williams8e7b46e2023-05-01 14:19:06 -0500[diff] [blame^]1From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
2From: Alexander Naumov <alexander_naumov@opensuse.org>
3Date: Mon, 30 Jan 2023 17:22:25 +0200
4Subject: fix: missing signal sending permission check on failed query messages
5
6Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
7
8CVE: CVE-2023-24626
9Upstream-Status: Backport
10Signed-off-by: Ross Burton <ross.burton@arm.com>
11---
12 src/socket.c | 9 +++++++--
13 1 file changed, 7 insertions(+), 2 deletions(-)
14
15diff --git a/src/socket.c b/src/socket.c
16index 147dc54..54d8cb8 100644
17--- a/socket.c
18+++ b/socket.c
19@@ -1285,11 +1285,16 @@ ReceiveMsg()
20 else
21 queryflag = -1;
22
23- Kill(m.m.command.apid,
24+ if (CheckPid(m.m.command.apid)) {
25+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
26+ }
27+ else {
28+ Kill(m.m.command.apid,
29 (queryflag >= 0)
30 ? SIGCONT
31 : SIG_BYE); /* Send SIG_BYE if an error happened */
32- queryflag = -1;
33+ queryflag = -1;
34+ }
35 }
36 break;
37 case MSG_COMMAND:
38--
39cgit v1.1
40