Module Name:    src
Committed By:   elad
Date:           Tue May 12 23:03:25 UTC 2009

Modified Files:
        src/sys/net: if_bridge.c

Log Message:
Move kauth(9) call before going into splnet().

Mailing list reference:

        http://mail-index.netbsd.org/tech-net/2009/05/08/msg001286.html


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/net/if_bridge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_bridge.c
diff -u src/sys/net/if_bridge.c:1.68 src/sys/net/if_bridge.c:1.69
--- src/sys/net/if_bridge.c:1.68	Sat Apr  4 15:53:49 2009
+++ src/sys/net/if_bridge.c	Tue May 12 23:03:24 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_bridge.c,v 1.68 2009/04/04 15:53:49 bouyer Exp $	*/
+/*	$NetBSD: if_bridge.c,v 1.69 2009/05/12 23:03:24 elad Exp $	*/
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.68 2009/04/04 15:53:49 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.69 2009/05/12 23:03:24 elad Exp $");
 
 #include "opt_bridge_ipf.h"
 #include "opt_inet.h"
@@ -445,11 +445,10 @@
 		struct ifbrparam ifbrparam;
 	} args;
 	struct ifdrv *ifd = (struct ifdrv *) data;
-	const struct bridge_control *bc;
+	const struct bridge_control *bc = NULL; /* XXXGCC */
 	int s, error = 0;
 
-	s = splnet();
-
+	/* Authorize command before calling splnet(). */
 	switch (cmd) {
 	case SIOCGDRVSPEC:
 	case SIOCSDRVSPEC:
@@ -457,8 +456,26 @@
 			error = EINVAL;
 			break;
 		}
+
 		bc = &bridge_control_table[ifd->ifd_cmd];
 
+		/* We only care about BC_F_SUSER at this point. */
+		if ((bc->bc_flags & BC_F_SUSER) == 0)
+			break;
+
+		error = kauth_authorize_generic(l->l_cred,
+		    KAUTH_GENERIC_ISSUSER, NULL);
+		if (error)
+			return (error);
+
+		break;
+	}
+
+	s = splnet();
+
+	switch (cmd) {
+	case SIOCGDRVSPEC:
+	case SIOCSDRVSPEC:
 		if (cmd == SIOCGDRVSPEC &&
 		    (bc->bc_flags & BC_F_COPYOUT) == 0) {
 			error = EINVAL;
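Review bot: The early-exit branch at the top of the new authorization switch sets `error = EINVAL` and breaks with `bc` still NULL, and nothing between that switch and the second one tests `error`, so control reaches `bc->bc_flags` after `s = splnet();` and dereferences a NULL pointer in kernel context. Before this change the same branch left the only switch and never touched `bc`. Because splnet() has not been entered at that point, the branch can return directly with `return (EINVAL);`, or the code can test `if (error) return (error);` just before `s = splnet();`. The `= NULL; /* XXXGCC */` initializer added in the previous hunk appears to silence the compiler's maybe-uninitialized warning for exactly this path, so it should be revisited once the path is closed. The condition guarding the branch and the remainder of the function lie outside the hunk.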
@@ -470,12 +487,7 @@
 			break;
 		}
 
-		if (bc->bc_flags & BC_F_SUSER) {
-			error = kauth_authorize_generic(l->l_cred,
-			    KAUTH_GENERIC_ISSUSER, NULL);
-			if (error)
-				break;
-		}
+		/* BC_F_SUSER is checked above, before splnet(). */
 
 		if (ifd->ifd_len != bc->bc_argsize ||
 		    ifd->ifd_len > sizeof(args)) {
