CVS commit: [netbsd-9] src/sys

Tue, 17 Dec 2019 08:13:58 -0800 

Module Name:    src
Committed By:   martin
Date:           Tue Dec 17 16:12:54 UTC 2019

Modified Files:
        src/sys/dev/ic [netbsd-9]: ath.c
        src/sys/dev/usb [netbsd-9]: if_umb.c
        src/sys/net [netbsd-9]: if.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #569):

        sys/dev/usb/if_umb.c: revision 1.10
        sys/net/if.c: revision 1.466
        sys/dev/ic/ath.c: revision 1.129

Protect network ioctls from non-authorized users. (Ilja Van Sprundel)


To generate a diff of this commit:
cvs rdiff -u -r1.127 -r1.127.2.1 src/sys/dev/ic/ath.c
cvs rdiff -u -r1.9 -r1.9.2.1 src/sys/dev/usb/if_umb.c
cvs rdiff -u -r1.457.2.2 -r1.457.2.3 src/sys/net/if.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/dev/ic/ath.c
diff -u src/sys/dev/ic/ath.c:1.127 src/sys/dev/ic/ath.c:1.127.2.1
--- src/sys/dev/ic/ath.c:1.127	Tue May 28 07:41:48 2019
+++ src/sys/dev/ic/ath.c	Tue Dec 17 16:12:54 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ath.c,v 1.127 2019/05/28 07:41:48 msaitoh Exp $	*/
+/*	$NetBSD: ath.c,v 1.127.2.1 2019/12/17 16:12:54 martin Exp $	*/
 
 /*-
  * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -41,7 +41,7 @@
 __FBSDID("$FreeBSD: src/sys/dev/ath/if_ath.c,v 1.104 2005/09/16 10:09:23 ru Exp $");
 #endif
 #ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.127 2019/05/28 07:41:48 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.127.2.1 2019/12/17 16:12:54 martin Exp $");
 #endif
 
 /*
@@ -69,6 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.12
 #include <sys/callout.h>
 #include <sys/bus.h>
 #include <sys/endian.h>
+#include <sys/kauth.h>
 
 #include <net/if.h>
 #include <net/if_dl.h>
@@ -5441,6 +5442,12 @@ ath_ioctl(struct ifnet *ifp, u_long cmd,
 		return copyout(&sc->sc_stats,
 				ifr->ifr_data, sizeof (sc->sc_stats));
 	case SIOCGATHDIAG:
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			break;
 		error = ath_ioctl_diag(sc, (struct ath_diag *) ifr);
 		break;
 	default:

Index: src/sys/dev/usb/if_umb.c
diff -u src/sys/dev/usb/if_umb.c:1.9 src/sys/dev/usb/if_umb.c:1.9.2.1
--- src/sys/dev/usb/if_umb.c:1.9	Wed Jun 26 22:58:58 2019
+++ src/sys/dev/usb/if_umb.c	Tue Dec 17 16:12:53 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $ */
+/*	$NetBSD: if_umb.c,v 1.9.2.1 2019/12/17 16:12:53 martin Exp $ */
 /*	$OpenBSD: if_umb.c,v 1.20 2018/09/10 17:00:45 gerhard Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.9.2.1 2019/12/17 16:12:53 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -779,6 +779,12 @@ umb_ioctl(struct ifnet *ifp, u_long cmd,
 		usb_add_task(sc->sc_udev, &sc->sc_umb_task, USB_TASKQ_DRIVER);
 		break;
 	case SIOCGUMBINFO:
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			break;
 		error = copyout(&sc->sc_info, ifr->ifr_data,
 		    sizeof(sc->sc_info));
 		break;

Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.457.2.2 src/sys/net/if.c:1.457.2.3
--- src/sys/net/if.c:1.457.2.2	Tue Sep 24 03:10:35 2019
+++ src/sys/net/if.c	Tue Dec 17 16:12:54 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.457.2.2 2019/09/24 03:10:35 martin Exp $	*/
+/*	$NetBSD: if.c,v 1.457.2.3 2019/12/17 16:12:54 martin Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.457.2.2 2019/09/24 03:10:35 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.457.2.3 2019/12/17 16:12:54 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -2971,7 +2971,9 @@ ifioctl_common(struct ifnet *ifp, u_long
 	struct ifreq *ifr;
 	struct ifcapreq *ifcr;
 	struct ifdatareq *ifdr;
-
+	char *descr;
+	int error;
+ 
 	switch (cmd) {
 	case SIOCSIFCAP:
 		ifcr = data;
@@ -3120,55 +3122,53 @@ ifioctl_common(struct ifnet *ifp, u_long
 #endif
 		return ENETRESET;
 	case SIOCSIFDESCR:
-		{
-			char *descrbuf;
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			return error;
 
- 			ifr = data;
+		ifr = data;
 
- 			if (ifr->ifr_buflen > IFDESCRSIZE)
-				return ENAMETOOLONG;
+		if (ifr->ifr_buflen > IFDESCRSIZE)
+			return ENAMETOOLONG;
 
- 			if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) {
-				/* unset description */
-				descrbuf = NULL;
-			} else {
-				int error;
-
- 				descrbuf = kmem_zalloc(IFDESCRSIZE, KM_SLEEP);
-				/* copy (IFDESCRSIZE - 1) bytes to ensure terminating nul */
-				error = copyin(ifr->ifr_buf, descrbuf, IFDESCRSIZE - 1);
-				if (error) {
-					kmem_free(descrbuf, IFDESCRSIZE);
-					return error;
-				}
+		if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) {
+			/* unset description */
+			descr = NULL;
+		} else {
+			descr = kmem_zalloc(IFDESCRSIZE, KM_SLEEP);
+			/*
+			 * copy (IFDESCRSIZE - 1) bytes to ensure
+			 * terminating nul
+			 */
+			error = copyin(ifr->ifr_buf, descr, IFDESCRSIZE - 1);
+			if (error) {
+				kmem_free(descr, IFDESCRSIZE);
+				return error;
 			}
+		}
 
- 			if (ifp->if_description != NULL)
-				kmem_free(ifp->if_description, IFDESCRSIZE);
+		if (ifp->if_description != NULL)
+			kmem_free(ifp->if_description, IFDESCRSIZE);
 
- 			ifp->if_description = descrbuf;
-		}
+		ifp->if_description = descr;
 		break;
 
  	case SIOCGIFDESCR:
-		{
-			char *descr;
+		ifr = data;
+		descr = ifp->if_description;
 
- 			ifr = data;
-			descr = ifp->if_description;
+		if (descr == NULL)
+			return ENOMSG;
 
- 			if (descr == NULL)
-				return ENOMSG;
+		if (ifr->ifr_buflen < IFDESCRSIZE)
+			return EINVAL;
 
- 			if (ifr->ifr_buflen < IFDESCRSIZE)
-				return EINVAL;
-			else {
-				int error;
-				error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE);
-				if (error)
-					return error;
-			}
-		}
+		error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE);
+		if (error)
+			return error;
  		break;
 
 	default:
@@ -3191,10 +3191,13 @@ ifaddrpref_ioctl(struct socket *so, u_lo
 
 	switch (cmd) {
 	case SIOCSIFADDRPREF:
-		if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
-		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
-		    NULL) != 0)
-			return EPERM;
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			return error;
+		break;
 	case SIOCGIFADDRPREF:
 		break;
 	default:
@@ -3305,7 +3308,7 @@ doifioctl(struct socket *so, u_long cmd,
 			error = kauth_authorize_network(l->l_cred,
 			    KAUTH_NETWORK_INTERFACE,
 			    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
-			    (void *)cmd, NULL);
+			    KAUTH_ARG(cmd), NULL);
 			if (ifp != NULL)
 				if_put(ifp, &psref);
 			if (error != 0) {
@@ -3370,7 +3373,7 @@ doifioctl(struct socket *so, u_long cmd,
 			error = kauth_authorize_network(l->l_cred,
 			    KAUTH_NETWORK_INTERFACE,
 			    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
-			    (void *)cmd, NULL);
+			    KAUTH_ARG(cmd), NULL);
 			if (error != 0)
 				goto out;
 		}

Reply via email to