d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow the MDIOCATTACH ioctl operation to originate from within the kernel.

Browse Source 
To protect against malicious software, we demand that the file name is at
a particular location (i.e. appended to the mdio structure) for it to be
treated as in-kernel.
This commit is contained in:
Marcel Moolenaar 2010-10-18 04:26:32 +00:00
parent 4b26f3413e
commit 3d5c947d9d
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
sys/dev/md/md.c
View File

@ -909,18 +909,26 @@ mdcreate_vnode(struct md_s *sc, struct md_ioctl *mdio, struct thread *td)
{
struct vattr vattr;
struct nameidata nd;
char *fname;
int error, flags, vfslocked;
error = copyinstr(mdio->md_file, sc->file, sizeof(sc->file), NULL);
if (error != 0)
return (error);
flags = FREAD|FWRITE;
/*
* If the user specified that this is a read only device, unset the
* FWRITE mask before trying to open the backing store.
* Kernel-originated requests must have the filename appended
* to the mdio structure to protect against malicious software.
*/
if ((mdio->md_options & MD_READONLY) != 0)
flags &= ~FWRITE;
fname = mdio->md_file;
if ((void *)fname != (void *)(mdio + 1)) {
error = copyinstr(fname, sc->file, sizeof(sc->file), NULL);
if (error != 0)
return (error);
} else
strlcpy(sc->file, fname, sizeof(sc->file));
/*
* If the user specified that this is a read only device, don't
* set the FWRITE mask before trying to open the backing store.
*/
flags = FREAD | ((mdio->md_options & MD_READONLY) ? 0 : FWRITE);
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE, sc->file, td);
error = vn_open(&nd, &flags, 0, NULL);
if (error != 0)