Add a missing priv check in key_attach to prevent non-su users

from messing with the spdb and sadb.

Problem sneaked in with the fast_ipsec+v6->ipsec merger by no
longer going via raw_usrreqs.pr_attach.

Reported by:	Pawel Worach
Identified by:	rwatson
Reviewed by:	rwatson
MFC after:	3 days
Bjoern A. Zeeb 2007-11-12 23:47:48 +00:00
parent dbac8ff400
commit 190320e237


@ -43,6 +43,7 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/mutex.h>
#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/signalvar.h>
#include <sys/socket.h>
@ -392,6 +393,12 @@ key_attach(struct socket *so, int proto, struct thread *td)
return ENOBUFS;
so->so_pcb = (caddr_t)kp;
if (td != NULL) {
error = priv_check(td, PRIV_NET_RAW);
if (error)
return error;
}
error = raw_attach(so, proto);
kp = (struct keycb *)sotorawcb(so);
if (error) {
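Review bot: The new `return error;` on a failed priv_check() sits below `so->so_pcb = (caddr_t)kp;`, so a denied caller leaves key_attach with kp still allocated and so_pcb still pointing at it; no visible line frees kp or clears so_pcb on that path. The allocation is above the hunk, so this is inferred from the `return ENOBUFS;` line and the assignment that follows it. Moving the whole `if (td != NULL) { ... }` block to the top of the function, before kp is allocated, leaves the denial path with no state to undo. A short comment there would record the ordering requirement, for example `/* Deny unprivileged callers before any per-socket state is allocated. */`. key_attach starts and ends outside the hunk.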