Audit sockaddr argument for bind(2), connect(2), accept(2), sendto(2) and
recvfrom(2) syscalls. Sponsored by: The FreeBSD Foundation
This commit is contained in:
parent
82b316b377
commit
fbda3d5dae
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=246448
@ -238,6 +238,7 @@ kern_bind(td, fd, sa)
|
|||||||
int error;
|
int error;
|
||||||
|
|
||||||
AUDIT_ARG_FD(fd);
|
AUDIT_ARG_FD(fd);
|
||||||
|
AUDIT_ARG_SOCKADDR(td, sa);
|
||||||
error = getsock_cap(td->td_proc->p_fd, fd, CAP_BIND, &fp, NULL);
|
error = getsock_cap(td->td_proc->p_fd, fd, CAP_BIND, &fp, NULL);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
@ -452,6 +453,7 @@ kern_accept(struct thread *td, int s, struct sockaddr **name,
|
|||||||
*namelen = 0;
|
*namelen = 0;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
AUDIT_ARG_SOCKADDR(td, sa);
|
||||||
if (name) {
|
if (name) {
|
||||||
/* check sa_len before it is destroyed */
|
/* check sa_len before it is destroyed */
|
||||||
if (*namelen > sa->sa_len)
|
if (*namelen > sa->sa_len)
|
||||||
@ -547,6 +549,7 @@ kern_connect(td, fd, sa)
|
|||||||
int interrupted = 0;
|
int interrupted = 0;
|
||||||
|
|
||||||
AUDIT_ARG_FD(fd);
|
AUDIT_ARG_FD(fd);
|
||||||
|
AUDIT_ARG_SOCKADDR(td, sa);
|
||||||
error = getsock_cap(td->td_proc->p_fd, fd, CAP_CONNECT, &fp, NULL);
|
error = getsock_cap(td->td_proc->p_fd, fd, CAP_CONNECT, &fp, NULL);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
@ -763,8 +766,10 @@ kern_sendit(td, s, mp, flags, control, segflg)
|
|||||||
|
|
||||||
AUDIT_ARG_FD(s);
|
AUDIT_ARG_FD(s);
|
||||||
rights = CAP_WRITE;
|
rights = CAP_WRITE;
|
||||||
if (mp->msg_name != NULL)
|
if (mp->msg_name != NULL) {
|
||||||
|
AUDIT_ARG_SOCKADDR(td, mp->msg_name);
|
||||||
rights |= CAP_CONNECT;
|
rights |= CAP_CONNECT;
|
||||||
|
}
|
||||||
error = getsock_cap(td->td_proc->p_fd, s, rights, &fp, NULL);
|
error = getsock_cap(td->td_proc->p_fd, s, rights, &fp, NULL);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
@ -1009,6 +1014,8 @@ kern_recvit(td, s, mp, fromseg, controlp)
|
|||||||
error == EINTR || error == EWOULDBLOCK))
|
error == EINTR || error == EWOULDBLOCK))
|
||||||
error = 0;
|
error = 0;
|
||||||
}
|
}
|
||||||
|
if (fromsa != NULL)
|
||||||
|
AUDIT_ARG_SOCKADDR(td, fromsa);
|
||||||
#ifdef KTRACE
|
#ifdef KTRACE
|
||||||
if (ktruio != NULL) {
|
if (ktruio != NULL) {
|
||||||
ktruio->uio_resid = len - auio.uio_resid;
|
ktruio->uio_resid = len - auio.uio_resid;
|
||||||
|
Loading…
Reference in New Issue
Block a user