diff options
Diffstat (limited to 'community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch')
| -rw-r--r-- | community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch b/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch new file mode 100644 index 0000000000..64aeb34131 --- /dev/null +++ b/community/shadow/303-Reset-pid_child-only-if-waitpid-was-successful.patch @@ -0,0 +1,29 @@ +From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 14 May 2017 17:58:10 +0200 +Subject: [PATCH] Reset pid_child only if waitpid was successful. + +Do not reset the pid_child to 0 if the child process is still +running. This else-condition can be reached with pid being -1, +therefore explicitly test this condition. + +This is a regression fix for CVE-2017-2616. If su receives a +signal like SIGTERM, it is not propagated to the child. + +Reported-by: Radu Duta <raduduta@gmail.com> +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +--- + src/su.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/su.c ++++ b/src/su.c +@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; +- } else { ++ } else if ( (pid_t)-1 != pid) { + pid_child = 0; + } + } while (!stop); |