| From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 |
| From: Alexander Naumov <alexander_naumov@opensuse.org> |
| Date: Mon, 30 Jan 2023 17:22:25 +0200 |
| Subject: fix: missing signal sending permission check on failed query messages |
| |
| Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> |
| |
| CVE: CVE-2023-24626 |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@arm.com> |
| --- |
| src/socket.c | 9 +++++++-- |
| 1 file changed, 7 insertions(+), 2 deletions(-) |
| |
| diff --git a/src/socket.c b/src/socket.c |
| index 147dc54..54d8cb8 100644 |
| --- a/socket.c |
| +++ b/socket.c |
| @@ -1285,11 +1285,16 @@ ReceiveMsg() |
| else |
| queryflag = -1; |
| |
| - Kill(m.m.command.apid, |
| + if (CheckPid(m.m.command.apid)) { |
| + Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); |
| + } |
| + else { |
| + Kill(m.m.command.apid, |
| (queryflag >= 0) |
| ? SIGCONT |
| : SIG_BYE); /* Send SIG_BYE if an error happened */ |
| - queryflag = -1; |
| + queryflag = -1; |
| + } |
| } |
| break; |
| case MSG_COMMAND: |
| -- |
| cgit v1.1 |
| |