Module Name: src Committed By: riz Date: Thu Mar 14 21:56:41 UTC 2013
Modified Files: src/sys/secmodel/extensions [netbsd-6-0]: secmodel_extensions.c Log Message: Pull up following revision(s) (requested by martin in ticket #839): sys/secmodel/extensions/secmodel_extensions.c: revision 1.5 Make the callback deal with embryonic connections which do not have credentials yet. Fixes PR kern/47598. To generate a diff of this commit: cvs rdiff -u -r1.2.8.1 -r1.2.8.2 \ src/sys/secmodel/extensions/secmodel_extensions.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/secmodel/extensions/secmodel_extensions.c diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.2.8.1 src/sys/secmodel/extensions/secmodel_extensions.c:1.2.8.2 --- src/sys/secmodel/extensions/secmodel_extensions.c:1.2.8.1 Fri Feb 8 23:04:01 2013 +++ src/sys/secmodel/extensions/secmodel_extensions.c Thu Mar 14 21:56:41 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_extensions.c,v 1.2.8.1 2013/02/08 23:04:01 riz Exp $ */ +/* $NetBSD: secmodel_extensions.c,v 1.2.8.2 2013/03/14 21:56:41 riz Exp $ */ /*- * Copyright (c) 2011 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2.8.1 2013/02/08 23:04:01 riz Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2.8.2 2013/03/14 21:56:41 riz Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -461,6 +461,9 @@ secmodel_extensions_network_cb(kauth_cre if (curtain != 0) { struct socket *so = (struct socket *)arg1; + if (__predict_false(so == NULL || so->so_cred == NULL)) + return KAUTH_RESULT_DENY; + if (!kauth_cred_uidmatch(cred, so->so_cred)) { int error; bool isroot = false;