!26 修复CVE-2023-24626

From: @hongjinghao Reviewed-by: @licunlong Signed-off-by: @licunlong
2023-04-20 03:05:36 +00:00 · 2023-04-20 03:05:36 +00:00 · b4c35b0e0b
commit b4c35b0e0b
parent 46d582a5cb 8868f7f1b1
2 changed files with 49 additions and 1 deletions
--- a/backport-CVE-2023-24626.patch
+++ b/backport-CVE-2023-24626.patch
@ -0,0 +1,43 @@
+From 6df4a48ff6b31bedc2d0216b84dbe66cf9ca5e23 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov <alexander_naumov@opensuse.org>
+Date: Wed, 1 Feb 2023 13:47:57 +0200
+Subject: [PATCH] Missing signal sending permission check on failed query
+ messages
+
+When run as setuid root, one can send a query message to the
+privileged screen process via its unix socket in order to force
+it to send SIGHUP to a PID that can be freely specified in the
+query packet.
+Processes that do not explicitly handle SIGHUP will simply terminate
+
+Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
+---
+ socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/socket.c b/socket.c
+index bb68b35..0a575cf 100644
+--- a/socket.c
+++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+           else
+             queryflag = -1;
+ 
+-          Kill(m.m.command.apid,
+	  if (CheckPid(m.m.command.apid)) {
+	    Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+	  }
+	  else {
+            Kill(m.m.command.apid,
+                (queryflag >= 0)
+                    ? SIGCONT
+                    : SIG_BYE); /* Send SIG_BYE if an error happened */
+-          queryflag = -1;
+            queryflag = -1;
+	  }
+         }
+         break;
+       case MSG_COMMAND:
+-- 
+2.27.0
+
--- a/screen.spec
+++ b/screen.spec
@ -1,7 +1,7 @@
 Name:           screen
 Epoch:          1
 Version:        4.9.0
-Release:        1
+Release:        2
 Summary:        A full-screen window manager
 License:        GPLv3+
 URL:            http://www.gnu.org/software/screen
@ -13,6 +13,8 @@ Patch2:         screen-E3.patch
 Patch3:         screen-4.3.1-suppress_remap.patch
 Patch4:         screen-4.3.1-crypt.patch

+Patch6001:      backport-CVE-2023-24626.patch
+
 BuildRequires:  automake autoconf gcc ncurses-devel texinfo
 BuildRequires:  systemd
 Requires:       shadow-utils
@ -97,6 +99,9 @@ fi
 %{_infodir}/screen.info*

 %changelog
+* Wed Apr 19 2023 hongjinghao <hongjinghao@huawei.com> - 1:4.9.0-2
+- fix CVE-2023-24626
+
 * Fri Oct 21 2022 hongjinghao <hongjinghao@huawei.com> - 1:4.9.0-1
 - update to 4.9.0