From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Christian Melki
Date: Tue, 2 May 2023 09:06:05 +0200
Message-Id: <20230502070605.316396-1-m.olbrich@pengutronix.de>
Subject: Re: [ptxdist] [APPLIED] screen: Plug CVE-2023-24626.

Thanks, applied as 959ca2f626413ed5f49450b23ecb77934f738db6.

Michael

[sent from post-receive hook]

On Tue, 02 May 2023 09:06:05 +0200, Christian Melki wrote:
> Mishap with privileged signal handling.
> https://nvd.nist.gov/vuln/detail/CVE-2023-24626
>
> * Provide patch as is for 4.9.0, including the whitespace touchup.
>
> Signed-off-by: Christian Melki
> Message-Id: <20230424175213.1378743-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich
>
> diff --git a/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch b/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch > new file mode 100644 > index 000000000000..1acd66a1902d > --- /dev/null > +++ b/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
> @@ -0,0 +1,33 @@ > +From: Alexander Naumov > +Date: Mon, 30 Jan 2023 17:22:25 +0200 > +Subject: [PATCH] fix: missing signal sending permission check on failed query > + messages > + > +Signed-off-by: Alexander Naumov > +--- > + socket.c | 9 +++++++-- > + 1 file changed, 7 insertions(+), 2 deletions(-) > + > +diff --git a/socket.c b/socket.c > +index bb68b35353b9..9d874457dfce 100644 > +--- a/socket.c > ++++ b/socket.c > +@@ -1285,11 +1285,16 @@ ReceiveMsg() > + else > + queryflag = -1; > + > +- Kill(m.m.command.apid, > ++ if (CheckPid(m.m.command.apid)) { > ++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); > ++ } > ++ else { > ++ Kill(m.m.command.apid, > + (queryflag >= 0) > + ? SIGCONT > + : SIG_BYE); /* Send SIG_BYE if an error happened */ > +- queryflag = -1; > ++ queryflag = -1; > ++ } > + } > + break; > + case MSG_COMMAND: > diff --git a/patches/screen-4.9.0/series b/patches/screen-4.9.0/series > index bf7060df3881..11f49d58ec56 100644 > --- a/patches/screen-4.9.0/series > +++ b/patches/screen-4.9.0/series > @@ -3,4 +3,5 @@ > 0001-comm.h-now-depends-on-term.h.patch > 0002-comm.h-needed-for-list_-display-generic-.o.patch > 0003-suppress_remap.patch > -# 086ac9b43abed5bb61eef564f1ac00d9 - git-ptx-patches magic > +0004-fix-missing-signal-sending-permission-check-on-faile.patch > +# d9101cb0610499bee9be456b4dc83845 - git-ptx-patches magic
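
Review bot: in the socket.c change inside the new 0004 patch, `queryflag = -1;` now sits in the `else` branch only, so when `CheckPid(m.m.command.apid)` rejects the pid the flag keeps whatever value the preceding lines gave it, where the old code reset it unconditionally after `Kill()`. If anything after this block reads `queryflag`, that state survives a rejected request; consider moving the reset below the `if`/`else` so both paths clear it, or note in the patch description why the rejected path should leave it untouched. The embedded patch header also names neither the CVE nor an upstream commit; the NVD link appears only in the ptxdist commit message, so a line mentioning CVE-2023-24626 in the patch description would keep that provenance with the file under patches/screen-4.9.0/.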