Audit file descriptor numbers for various socket-related system calls.

Approved by:	re (audit argument blanket)
MFC after:	3 days
Robert Watson 2009-07-01 19:55:11 +00:00
parent 9e4c1521d5
commit 15ca46f69d


@ -217,6 +217,7 @@ kern_bind(td, fd, sa)
struct file *fp; struct file *fp;
int error; int error;
AUDIT_ARG_FD(fd);
error = getsock(td->td_proc->p_fd, fd, &fp, NULL); error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
if (error) if (error)
return (error); return (error);
@ -247,6 +248,7 @@ listen(td, uap)
struct file *fp; struct file *fp;
int error; int error;
AUDIT_ARG_FD(uap->s);
error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL); error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL);
if (error == 0) { if (error == 0) {
so = fp->f_data; so = fp->f_data;
@ -340,6 +342,7 @@ kern_accept(struct thread *td, int s, struct sockaddr **name,
return (EINVAL); return (EINVAL);
} }
AUDIT_ARG_FD(s);
fdp = td->td_proc->p_fd; fdp = td->td_proc->p_fd;
error = getsock(fdp, s, &headfp, &fflag); error = getsock(fdp, s, &headfp, &fflag);
if (error) if (error)
@ -530,6 +533,7 @@ kern_connect(td, fd, sa)
int error; int error;
int interrupted = 0; int interrupted = 0;
AUDIT_ARG_FD(fd);
error = getsock(td->td_proc->p_fd, fd, &fp, NULL); error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
if (error) if (error)
return (error); return (error);
@ -738,6 +742,7 @@ kern_sendit(td, s, mp, flags, control, segflg)
struct uio *ktruio = NULL; struct uio *ktruio = NULL;
#endif #endif
AUDIT_ARG_FD(s);
error = getsock(td->td_proc->p_fd, s, &fp, NULL); error = getsock(td->td_proc->p_fd, s, &fp, NULL);
if (error) if (error)
return (error); return (error);
@ -937,6 +942,7 @@ kern_recvit(td, s, mp, fromseg, controlp)
if(controlp != NULL) if(controlp != NULL)
*controlp = 0; *controlp = 0;
AUDIT_ARG_FD(s);
error = getsock(td->td_proc->p_fd, s, &fp, NULL); error = getsock(td->td_proc->p_fd, s, &fp, NULL);
if (error) if (error)
return (error); return (error);
@ -1252,6 +1258,7 @@ shutdown(td, uap)
struct file *fp; struct file *fp;
int error; int error;
AUDIT_ARG_FD(uap->s);
error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL); error = getsock(td->td_proc->p_fd, uap->s, &fp, NULL);
if (error == 0) { if (error == 0) {
so = fp->f_data; so = fp->f_data;
@ -1314,6 +1321,7 @@ kern_setsockopt(td, s, level, name, val, valseg, valsize)
panic("kern_setsockopt called with bad valseg"); panic("kern_setsockopt called with bad valseg");
} }
AUDIT_ARG_FD(s);
error = getsock(td->td_proc->p_fd, s, &fp, NULL); error = getsock(td->td_proc->p_fd, s, &fp, NULL);
if (error == 0) { if (error == 0) {
so = fp->f_data; so = fp->f_data;
@ -1394,6 +1402,7 @@ kern_getsockopt(td, s, level, name, val, valseg, valsize)
panic("kern_getsockopt called with bad valseg"); panic("kern_getsockopt called with bad valseg");
} }
AUDIT_ARG_FD(s);
error = getsock(td->td_proc->p_fd, s, &fp, NULL); error = getsock(td->td_proc->p_fd, s, &fp, NULL);
if (error == 0) { if (error == 0) {
so = fp->f_data; so = fp->f_data;
@ -1457,6 +1466,7 @@ kern_getsockname(struct thread *td, int fd, struct sockaddr **sa,
if (*alen < 0) if (*alen < 0)
return (EINVAL); return (EINVAL);
AUDIT_ARG_FD(fd);
error = getsock(td->td_proc->p_fd, fd, &fp, NULL); error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
if (error) if (error)
return (error); return (error);
@ -1556,6 +1566,7 @@ kern_getpeername(struct thread *td, int fd, struct sockaddr **sa,
if (*alen < 0) if (*alen < 0)
return (EINVAL); return (EINVAL);
AUDIT_ARG_FD(fd);
error = getsock(td->td_proc->p_fd, fd, &fp, NULL); error = getsock(td->td_proc->p_fd, fd, &fp, NULL);
if (error) if (error)
return (error); return (error);
@ -1811,6 +1822,7 @@ kern_sendfile(struct thread *td, struct sendfile_args *uap,
* File offset must be positive. If it goes beyond EOF * File offset must be positive. If it goes beyond EOF
* we send only the header/trailer and no payload data. * we send only the header/trailer and no payload data.
*/ */
AUDIT_ARG_FD(uap->fd);
if ((error = fgetvp_read(td, uap->fd, &vp)) != 0) if ((error = fgetvp_read(td, uap->fd, &vp)) != 0)
goto out; goto out;
vfslocked = VFS_LOCK_GIANT(vp->v_mount); vfslocked = VFS_LOCK_GIANT(vp->v_mount);
@ -2285,6 +2297,7 @@ sctp_peeloff(td, uap)
u_int fflag; u_int fflag;
fdp = td->td_proc->p_fd; fdp = td->td_proc->p_fd;
AUDIT_ARG_FD(uap->sd);
error = fgetsock(td, uap->sd, &head, &fflag); error = fgetsock(td, uap->sd, &head, &fflag);
if (error) if (error)
goto done2; goto done2;
@ -2392,6 +2405,7 @@ sctp_generic_sendmsg (td, uap)
} }
} }
AUDIT_ARG_FD(uap->sd);
error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL); error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
if (error) if (error)
goto sctp_bad; goto sctp_bad;
@ -2493,6 +2507,7 @@ sctp_generic_sendmsg_iov(td, uap)
} }
} }
AUDIT_ARG_FD(uap->sd);
error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL); error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
if (error) if (error)
goto sctp_bad1; goto sctp_bad1;
@ -2591,6 +2606,8 @@ sctp_generic_recvmsg(td, uap)
#ifdef KTRACE #ifdef KTRACE
struct uio *ktruio = NULL; struct uio *ktruio = NULL;
#endif #endif
AUDIT_ARG_FD(uap->sd);
error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL); error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
if (error) { if (error) {
return (error); return (error);
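Review bot: In kern_accept, kern_getsockname and kern_getpeername the new `AUDIT_ARG_FD(...)` call sits after an argument check that returns `EINVAL`, so a call rejected by that check yields an audit record without the descriptor. Rejected calls are often the ones an audit reviewer most wants tied to a descriptor; moving the macro above the check, e.g. `AUDIT_ARG_FD(fd);` ahead of `if (*alen < 0)`, would record it on every path. The kern_setsockopt, kern_getsockopt and sctp_generic_sendmsg hunks also place the call after earlier blocks whose exits are not visible here, so the same ordering may apply there. In kern_sendfile only `uap->fd` is recorded in the visible lines; whether the socket descriptor is captured elsewhere in that function cannot be seen from the hunk. All of these function bodies start and end outside the hunks shown.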