Hide the outer IP addresses of a tunnel interfaces (gif(4), gre(4))

from processes inside jails if the addresses do not belong to the jail. Originally reported by: Pieter de Boer via remko PR: kern/151119 Tested by: Piotr KUCHARSKI (nospam 42.pl) [gif] MFC after: 1 week
2011-03-02 21:39:08 +00:00 · 2011-03-02 21:39:08 +00:00 · 209ebad7af
commit 209ebad7af
parent d456b2027b
2 changed files with 26 additions and 0 deletions
--- a/sys/net/if_gif.c
+++ b/sys/net/if_gif.c
@ -35,6 +35,7 @@

 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
@ -817,6 +818,12 @@ gif_ioctl(ifp, cmd, data)
 		}
 		if (src->sa_len > size)
 			return EINVAL;
+		error = prison_if(curthread->td_ucred, src);
+		if (error != 0)
+			return (error);
+		error = prison_if(curthread->td_ucred, dst);
+		if (error != 0)
+			return (error);
 		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
 #ifdef INET6
 		if (dst->sa_family == AF_INET6) {
--- a/sys/net/if_gre.c
+++ b/sys/net/if_gre.c
@ -46,6 +46,7 @@
 #include "opt_inet6.h"

 #include <sys/param.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/module.h>
@ -636,6 +637,9 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		si.sin_len = sizeof(struct sockaddr_in);
 		si.sin_addr.s_addr = sc->g_src.s_addr;
 		sa = sintosa(&si);
+		error = prison_if(curthread->td_ucred, sa);
+		if (error != 0)
+			break;
 		ifr->ifr_addr = *sa;
 		break;
 	case GREGADDRD:
@ -644,6 +648,9 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		si.sin_len = sizeof(struct sockaddr_in);
 		si.sin_addr.s_addr = sc->g_dst.s_addr;
 		sa = sintosa(&si);
+		error = prison_if(curthread->td_ucred, sa);
+		if (error != 0)
+			break;
 		ifr->ifr_addr = *sa;
 		break;
 	case SIOCSIFPHYADDR:
@ -707,8 +714,14 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		si.sin_family = AF_INET;
 		si.sin_len = sizeof(struct sockaddr_in);
 		si.sin_addr.s_addr = sc->g_src.s_addr;
+		error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
+		if (error != 0)
+			break;
 		memcpy(&lifr->addr, &si, sizeof(si));
 		si.sin_addr.s_addr = sc->g_dst.s_addr;
+		error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
+		if (error != 0)
+			break;
 		memcpy(&lifr->dstaddr, &si, sizeof(si));
 		break;
 	case SIOCGIFPSRCADDR:
@ -723,6 +736,9 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		si.sin_family = AF_INET;
 		si.sin_len = sizeof(struct sockaddr_in);
 		si.sin_addr.s_addr = sc->g_src.s_addr;
+		error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
+		if (error != 0)
+			break;
 		bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
 		break;
 	case SIOCGIFPDSTADDR:
@ -737,6 +753,9 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		si.sin_family = AF_INET;
 		si.sin_len = sizeof(struct sockaddr_in);
 		si.sin_addr.s_addr = sc->g_dst.s_addr;
+		error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
+		if (error != 0)
+			break;
 		bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
 		break;
 	case GRESKEY: