CVS commit: src/sys/kern

Mon, 30 May 2011 17:15:37 -0700 

Module Name:    src
Committed By:   rmind
Date:           Tue May 31 00:15:28 UTC 2011

Modified Files:
        src/sys/kern: kern_resource.c

Log Message:
sysctl_proc_corename: perform KAUTH_PROCESS_CORENAME check (for set case)
after the new name is copied into cnbuf.  Spotted by enami@.


To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 src/sys/kern/kern_resource.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/kern_resource.c
diff -u src/sys/kern/kern_resource.c:1.165 src/sys/kern/kern_resource.c:1.166
--- src/sys/kern/kern_resource.c:1.165	Tue May 24 01:19:48 2011
+++ src/sys/kern/kern_resource.c	Tue May 31 00:15:28 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_resource.c,v 1.165 2011/05/24 01:19:48 mrg Exp $	*/
+/*	$NetBSD: kern_resource.c,v 1.166 2011/05/31 00:15:28 rmind Exp $	*/
 
 /*-
  * Copyright (c) 1982, 1986, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.165 2011/05/24 01:19:48 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_resource.c,v 1.166 2011/05/31 00:15:28 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -838,15 +838,6 @@
 		strlcpy(cnbuf, lim->pl_corename, MAXPATHLEN);
 		mutex_exit(&lim->pl_lock);
 	}
-	if (newp) {
-		/* Set case: just use the temporary buffer. */
-		error = kauth_authorize_process(l->l_cred,
-		    KAUTH_PROCESS_CORENAME, p,
-		    KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_SET), cnbuf, NULL);
-		if (error) {
-			goto done;
-		}
-	}
 
 	node = *rnode;
 	node.sysctl_data = cnbuf;
@@ -858,9 +849,14 @@
 	}
 
 	/*
-	 * Validate new core name.  It must be either "core", "/core",
-	 * or end in ".core".
+	 * Set case.  Check permission and then validate new core name.
+	 * It must be either "core", "/core", or end in ".core".
 	 */
+	error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CORENAME,
+	    p, KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_SET), cnbuf, NULL);
+	if (error) {
+		goto done;
+	}
 	len = strlen(cnbuf);
 	if ((len < 4 || strcmp(cnbuf + len - 4, "core") != 0) ||
 	    (len > 4 && cnbuf[len - 5] != '/' && cnbuf[len - 5] != '.')) {

Reply via email to