Implement socket delivery MAC checks for IPX/SPX.

Obtained from: TrustedBSD Project MFC after: 3 days
2009-06-20 23:38:21 +00:00 · 2009-06-20 23:38:21 +00:00 · da67353208
commit da67353208
parent e3cb9d1015
2 changed files with 11 additions and 0 deletions
--- a/sys/netipx/ipx_usrreq.c
+++ b/sys/netipx/ipx_usrreq.c
@ -187,6 +187,12 @@ ipx_input(struct mbuf *m, struct ipxpcb *ipxp)
 		m->m_pkthdr.len -= sizeof(struct ipx);
 		m->m_data += sizeof(struct ipx);
 	}
+#ifdef MAC
+	if (mac_socket_check_deliver(ipxp->ipxp_socket, m) != 0) {
+		m_freem(m);
+		return;
+	}
+#endif
 	if (sbappendaddr(&ipxp->ipxp_socket->so_rcv,
 	    (struct sockaddr *)&ipx_ipx, m, NULL) == 0)
 		m_freem(m);
--- a/sys/netipx/spx_usrreq.c
+++ b/sys/netipx/spx_usrreq.c
@ -225,6 +225,11 @@ spx_input(struct mbuf *m, struct ipxpcb *ipxp)
 	so = ipxp->ipxp_socket;
 	KASSERT(so != NULL, ("spx_input: so == NULL"));

+#ifdef MAC
+	if (mac_socket_check_deliver(so, m) != 0)
+		goto drop;
+#endif
+
 	if (so->so_options & SO_DEBUG || traceallspxs) {
 		ostate = cb->s_state;
 		spx_savesi = *si;