Source-Changes-HG archive


[src/netbsd-1-5]: src/sys/net Pullup 1.13 [sommerfeld]:



details:   https://anonhg.NetBSD.org/src/rev/06790eca72b0
branches:  netbsd-1-5
changeset: 490273:06790eca72b0
user:      tv <tv%NetBSD.org@localhost>
date:      Sun Nov 19 20:21:50 2000 +0000

description:
Pullup 1.13 [sommerfeld]:
Allow changing of settings via ioctl only for the superuser.
Fixes PR security/11524.

diffstat:

 sys/net/if_gre.c |  17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diffs (80 lines):

diff -r ebeef668ef79 -r 06790eca72b0 sys/net/if_gre.c
--- a/sys/net/if_gre.c  Sun Nov 19 20:21:09 2000 +0000
+++ b/sys/net/if_gre.c  Sun Nov 19 20:21:50 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_gre.c,v 1.9.6.1 2000/08/25 01:13:25 mjl Exp $ */
+/*     $NetBSD: if_gre.c,v 1.9.6.2 2000/11/19 20:21:50 tv Exp $ */
 
 /*
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -58,6 +58,7 @@
 #include <sys/mbuf.h>
 #include <sys/buf.h>
 #include <sys/dkstat.h>
+#include <sys/proc.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
@@ -325,7 +326,7 @@
 int
 gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 {
-
+       struct proc *p = curproc;       /* XXX */
        struct ifaddr *ifa = (struct ifaddr *)data;
        struct ifreq *ifr = (struct ifreq *)data;
        struct in_ifaddr *ia = (struct in_ifaddr *)data;
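Review bot: The `/* XXX */` on `struct proc *p = curproc;` does not say what is being flagged, although every credential check added by this commit depends on that line. I would spell out the assumption, e.g. `/* XXX: if_ioctl is not passed the requesting proc; assumes curproc is the caller */`. The added `suser(p->p_ucred, &p->p_acflag)` calls dereference `p` unconditionally, so if gre_ioctl can ever be reached without a process context (not visible from this hunk), that is a NULL dereference in the kernel. Worth confirming the call paths or documenting why it cannot happen. gre_ioctl's body continues outside the hunk.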
@@ -341,6 +342,8 @@
        switch(cmd) {
        case SIOCSIFADDR:               
        case SIOCSIFDSTADDR:    
+               if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+                       break;
                /* 
                  * set tunnel endpoints in case that we "only"
                  * have ip over ip encapsulation. This allows to
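Review bot: The privilege check added under `SIOCSIFADDR`/`SIOCSIFDSTADDR` is pasted again into the `SIOCSIFFLAGS`, `SIOCSIFMTU`, `SIOCADDMULTI`/`SIOCDELMULTI`, `GRESPROTO` and `GRESADDRS`/`GRESADDRD` cases, which makes authorization opt-in per case. A set-type command added to this switch later stays unprivileged unless someone remembers the same two lines, which is how the bug in the referenced PR arose in the first place. I would classify the state-changing commands once, ahead of the existing switch, so the privileged set is listed in one place and the handlers stay free of policy. The sketch below assumes nothing acquired earlier in gre_ioctl needs releasing on the early return; the surrounding function is not fully visible in this diff.

```c
	/* ... unchanged: declarations, including struct proc *p = curproc ... */

	/* Commands that modify tunnel or interface state require superuser. */
	switch (cmd) {
	case SIOCSIFADDR:
	case SIOCSIFDSTADDR:
	case SIOCSIFFLAGS:
	case SIOCSIFMTU:
	case SIOCADDMULTI:
	case SIOCDELMULTI:
	case GRESPROTO:
	case GRESADDRS:
	case GRESADDRD:
		if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
			return (error);
		break;
	default:
		break;
	}

	/* ... unchanged: existing switch(cmd) with the per-command handlers ... */
```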
@@ -360,6 +363,8 @@
                }
                break;
        case SIOCSIFFLAGS:
+               if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+                       break;
                if ((sc->g_dst.s_addr == INADDR_ANY) || 
                    (sc->g_src.s_addr == INADDR_ANY))
                        ifp->if_flags &= ~IFF_UP;
@@ -378,6 +383,8 @@
                }
                break;
        case SIOCSIFMTU: 
+               if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+                       break;
                if (ifr->ifr_mtu > GREMTU || ifr->ifr_mtu < 576) {
                        error = EINVAL;
                        break;
@@ -389,6 +396,8 @@
                break;
        case SIOCADDMULTI:
        case SIOCDELMULTI:
+               if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+                       break;
                if (ifr == 0) {
                        error = EAFNOSUPPORT;
                        break;
@@ -404,6 +413,8 @@
                }
                break;
        case GRESPROTO:
+               if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+                       break;
                sc->g_proto = ifr->ifr_flags;
                switch (sc->g_proto) {
                case IPPROTO_GRE :
@@ -423,6 +434,8 @@
                break;
        case GRESADDRS:
        case GRESADDRD:
+               if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+                       break;
                /*
                 * set tunnel endpoints, compute a less specific route
                 * to the remote end and mark if as up


