o There are two methods to get a process credentials over the unix
sockets: 1) A sender sends SCM_CREDS message to a reciever, struct cmsgcred; 2) A reciever sets LOCAL_CREDS socket option and gets sender credentials in control message, struct sockcred. Both methods use the same control message type SCM_CREDS with the same control message level SOL_SOCKET, so they are indistinguishable for the receiver. A difference in struct cmsgcred and struct sockcred layouts may lead to unwanted effects. Now for sockets with LOCAL_CREDS option remove all previous linked SCM_CREDS control messages and then add a control message with struct sockcred so the process specifically asked for the peer credentials by LOCAL_CREDS option always gets struct sockcred. PR: kern/90800 Submitted by: Andrey Simonenko Regres. tests: tools/regression/sockets/unix_cmsg/ MFC after: 1 month
This commit is contained in:
parent
c3a252361a
commit
70df31f4de
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=159575
@ -1498,8 +1498,9 @@ unp_internalize(struct mbuf **controlp, struct thread *td)
|
||||
struct mbuf *
|
||||
unp_addsockcred(struct thread *td, struct mbuf *control)
|
||||
{
|
||||
struct mbuf *m, *n;
|
||||
struct mbuf *m, *n, *n_prev;
|
||||
struct sockcred *sc;
|
||||
const struct cmsghdr *cm;
|
||||
int ngroups;
|
||||
int i;
|
||||
|
||||
@ -1508,7 +1509,6 @@ unp_addsockcred(struct thread *td, struct mbuf *control)
|
||||
m = sbcreatecontrol(NULL, SOCKCREDSIZE(ngroups), SCM_CREDS, SOL_SOCKET);
|
||||
if (m == NULL)
|
||||
return (control);
|
||||
m->m_next = NULL;
|
||||
|
||||
sc = (struct sockcred *) CMSG_DATA(mtod(m, struct cmsghdr *));
|
||||
sc->sc_uid = td->td_ucred->cr_ruid;
|
||||
@ -1520,16 +1520,30 @@ unp_addsockcred(struct thread *td, struct mbuf *control)
|
||||
sc->sc_groups[i] = td->td_ucred->cr_groups[i];
|
||||
|
||||
/*
|
||||
* If a control message already exists, append us to the end.
|
||||
* Unlink SCM_CREDS control messages (struct cmsgcred), since
|
||||
* just created SCM_CREDS control message (struct sockcred) has
|
||||
* another format.
|
||||
*/
|
||||
if (control != NULL) {
|
||||
for (n = control; n->m_next != NULL; n = n->m_next)
|
||||
;
|
||||
n->m_next = m;
|
||||
} else
|
||||
control = m;
|
||||
if (control != NULL)
|
||||
for (n = control, n_prev = NULL; n != NULL;) {
|
||||
cm = mtod(n, struct cmsghdr *);
|
||||
if (cm->cmsg_level == SOL_SOCKET &&
|
||||
cm->cmsg_type == SCM_CREDS) {
|
||||
if (n_prev == NULL)
|
||||
control = n->m_next;
|
||||
else
|
||||
n_prev->m_next = n->m_next;
|
||||
n = m_free(n);
|
||||
} else {
|
||||
n_prev = n;
|
||||
n = n->m_next;
|
||||
}
|
||||
}
|
||||
|
||||
return (control);
|
||||
/* Prepend it to the head. */
|
||||
m->m_next = control;
|
||||
|
||||
return (m);
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user