Module Name: src
Committed By: riz
Date: Thu Mar 14 21:56:41 UTC 2013
Modified Files:
src/sys/secmodel/extensions [netbsd-6-0]: secmodel_extensions.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #839):
sys/secmodel/extensions/secmodel_extensions.c: revision 1.5
Make the callback deal with embryonic connections which do not have
credentials yet. Fixes PR kern/47598.
To generate a diff of this commit:
cvs rdiff -u -r1.2.8.1 -r1.2.8.2 \
src/sys/secmodel/extensions/secmodel_extensions.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/secmodel/extensions/secmodel_extensions.c
diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.2.8.1 src/sys/secmodel/extensions/secmodel_extensions.c:1.2.8.2
--- src/sys/secmodel/extensions/secmodel_extensions.c:1.2.8.1 Fri Feb 8 23:04:01 2013
+++ src/sys/secmodel/extensions/secmodel_extensions.c Thu Mar 14 21:56:41 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.2.8.1 2013/02/08 23:04:01 riz Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.2.8.2 2013/03/14 21:56:41 riz Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <e...@netbsd.org>
* All rights reserved.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2.8.1 2013/02/08 23:04:01 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2.8.2 2013/03/14 21:56:41 riz Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -461,6 +461,9 @@ secmodel_extensions_network_cb(kauth_cre
if (curtain != 0) {
struct socket *so = (struct socket *)arg1;
+ if (__predict_false(so == NULL || so->so_cred == NULL))
+ return KAUTH_RESULT_DENY;
+
if (!kauth_cred_uidmatch(cred, so->so_cred)) {
int error;
bool isroot = false;
