oce: Disallow the passthrough ioctl for unprivileged users.

A missing check meant that unprivileged users could send passthrough commands to the device firmware. Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> MFC after: 3 days Sponsored by: The FreeBSD Foundation
svn path=/head/; revision=356047
2019-12-23 23:43:50 +00:00 · 2019-12-23 23:43:50 +00:00 · c76ddeeb1c · 2020-12-20 02:59:44 +00:00
commit c76ddeeb1c
parent 19352ba5ad
2 changed files with 4 additions and 0 deletions
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@ -620,6 +620,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 		break;

 	case SIOCGPRIVATE_0:
+		rc = priv_check(curthread, PRIV_DRIVER);
+		if (rc != 0)
+			break;
 		rc = oce_handle_passthrough(ifp, data);
 		break;
 	default:
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@ -48,6 +48,7 @@
 #include <sys/kernel.h>
 #include <sys/bus.h>
 #include <sys/mbuf.h>
+#include <sys/priv.h>
 #include <sys/rman.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>