screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 (From OE-Core rev: d1f99b928b0a57bec879dde1b1b94c3c09286ea0) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-04-20 12:25:02 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-04-26 04:19:06 -1000
commit: 51a1d78e2af26be39587f29c3d169a35a7ae150e (patch)
tree: e1928e0d33c1383315811e4408ba7ca1e4d92dfd /meta/recipes-extended
parent: e610a24db73225d039ac7140cb7d58835cc6b2fd (diff)
download: poky-51a1d78e2af26be39587f29c3d169a35a7ae150e.tar.gz
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-extended/screen/screen/CVE-2023-24626.patch b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch
new file mode 100644
index 0000000000..73caf9d81b
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch
@@ -0,0 +1,40 @@
+From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov <alexander_naumov@opensuse.org>
+Date: Mon, 30 Jan 2023 17:22:25 +0200
+Subject: fix: missing signal sending permission check on failed query messages
+Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
+CVE: CVE-2023-24626
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+diff --git a/socket.c b/socket.c
+index bb68b35..9d87445 100644
+--- a/socket.c
+++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+           else
+             queryflag = -1;
+ 
+-          Kill(m.m.command.apid,
+          if (CheckPid(m.m.command.apid)) {
+            Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+          }
+          else {
+            Kill(m.m.command.apid,
+                (queryflag >= 0)
+                    ? SIGCONT
+                    : SIG_BYE); /* Send SIG_BYE if an error happened */
+-          queryflag = -1;
+            queryflag = -1;
+          }
+         }
+         break;
+       case MSG_COMMAND:
+-- 
+2.25.1
diff --git a/meta/recipes-extended/screen/screen_4.8.0.bb b/meta/recipes-extended/screen/screen_4.8.0.bb
index fe640c262b..c4faa27023 100644
--- a/meta/recipes-extended/screen/screen_4.8.0.bb
+++ b/meta/recipes-extended/screen/screen_4.8.0.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
           file://0001-fix-for-multijob-build.patch \
           file://0001-Remove-more-compatibility-stuff.patch \
           file://CVE-2021-26937.patch \
+           file://CVE-2023-24626.patch \
          "
 SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-04-20 12:25:02 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-04-26 04:19:06 -1000
commit	51a1d78e2af26be39587f29c3d169a35a7ae150e (patch)
tree	e1928e0d33c1383315811e4408ba7ca1e4d92dfd /meta/recipes-extended
parent	e610a24db73225d039ac7140cb7d58835cc6b2fd (diff)
download	poky-51a1d78e2af26be39587f29c3d169a35a7ae150e.tar.gz

diff --git a/meta/recipes-extended/screen/screen/CVE-2023-24626.patch b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch new file mode 100644 index 0000000000..73caf9d81b --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch
@@ -0,0 +1,40 @@
		1	From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
		2	From: Alexander Naumov <alexander_naumov@opensuse.org>
		3	Date: Mon, 30 Jan 2023 17:22:25 +0200
		4	Subject: fix: missing signal sending permission check on failed query messages
		5
		6	Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
		7
		8	CVE: CVE-2023-24626
		9	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7]
		10	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		11	---
		12	socket.c \| 9 +++++++--
		13	1 file changed, 7 insertions(+), 2 deletions(-)
		14
		15	diff --git a/socket.c b/socket.c
		16	index bb68b35..9d87445 100644
		17	--- a/socket.c
		18	+++ b/socket.c
		19	@@ -1285,11 +1285,16 @@ ReceiveMsg()
		20	else
		21	queryflag = -1;
		22
		23	- Kill(m.m.command.apid,
		24	+ if (CheckPid(m.m.command.apid)) {
		25	+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
		26	+ }
		27	+ else {
		28	+ Kill(m.m.command.apid,
		29	(queryflag >= 0)
		30	? SIGCONT
		31	: SIG_BYE); /* Send SIG_BYE if an error happened */
		32	- queryflag = -1;
		33	+ queryflag = -1;
		34	+ }
		35	}
		36	break;
		37	case MSG_COMMAND:
		38	--
		39	2.25.1
		40


diff --git a/meta/recipes-extended/screen/screen_4.8.0.bb b/meta/recipes-extended/screen/screen_4.8.0.bb index fe640c262b..c4faa27023 100644 --- a/meta/recipes-extended/screen/screen_4.8.0.bb +++ b/meta/recipes-extended/screen/screen_4.8.0.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
22	file://0001-fix-for-multijob-build.patch \	22	file://0001-fix-for-multijob-build.patch \
23	file://0001-Remove-more-compatibility-stuff.patch \	23	file://0001-Remove-more-compatibility-stuff.patch \
24	file://CVE-2021-26937.patch \	24	file://CVE-2021-26937.patch \
		25	file://CVE-2023-24626.patch \
25	"	26	"
26		27
27	SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e"	28	SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e"