git.schokokeks.org
Repositories
Help
Report an Issue
keks-overlay.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
ae5c5c0
Branches
Tags
master
keks-overlay.git
app-misc
screen
files
screen-4.9.0-CVE-2023-24626.patch
update screen
Hanno Böck
commited
ae5c5c0
at 2023-05-15 13:14:01
screen-4.9.0-CVE-2023-24626.patch
Blame
History
Raw
From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 From: Alexander Naumov <alexander_naumov@opensuse.org> Date: Mon, 30 Jan 2023 17:22:25 +0200 Subject: fix: missing signal sending permission check on failed query messages Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> --- socket.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/socket.c b/socket.c index 147dc54..54d8cb8 100644 --- a/socket.c +++ b/socket.c @@ -1285,11 +1285,16 @@ ReceiveMsg() else queryflag = -1; - Kill(m.m.command.apid, + if (CheckPid(m.m.command.apid)) { + Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); + } + else { + Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */ - queryflag = -1; + queryflag = -1; + } } break; case MSG_COMMAND: