On Tue, Jan 28, 2020 at 10:44:25PM +0000, Kristof Provost wrote: K> Author: kp K> Date: Tue Jan 28 22:44:24 2020 K> New Revision: 357233 K> URL: https://svnweb.freebsd.org/changeset/base/357233 K> K> Log: K> epair: Do not abuse params to register the second interface K> K> if_epair used the 'params' argument to pass a pointer to the b interface K> through if_clone_create(). K> This pointer can be controlled by userspace, which means it could be abused to K> trigger a panic. While this requires PRIV_NET_IFCREATE K> privileges those are assigned to vnet jails, which means that vnet jails K> could panic the system. K> K> Reported by: Ilja Van Sprundel <ivansprun...@ioactive.com> ... K> Modified: head/sys/net/if_clone.h K> ============================================================================== K> --- head/sys/net/if_clone.h Tue Jan 28 21:46:59 2020 (r357232) K> +++ head/sys/net/if_clone.h Tue Jan 28 22:44:24 2020 (r357233) K> @@ -79,7 +79,8 @@ int if_clone_list(struct if_clonereq *); K> struct if_clone *if_clone_findifc(struct ifnet *); K> void if_clone_addgroup(struct ifnet *, struct if_clone *); K> K> -/* The below interface used only by epair(4). */ K> +/* The below interfaces are used only by epair(4). */ K> +void if_clone_addif(struct if_clone *, struct ifnet *); K> int if_clone_destroyif(struct if_clone *, struct ifnet *);
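Review bot: The new if_clone_addif() prototype in if_clone.h has no comment describing its contract, and it returns void while the adjacent if_clone_destroyif() returns int. The commit message says the old path let a userspace-controlled pointer reach the cloner through 'params', so a short comment would make the intended use explicit. It could state that the struct ifnet * must be an interface the caller has already created in the kernel, never a value taken from 'params'. If registration can fail, consider returning an error as if_clone_destroyif() does.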
IMHO, makes sense to move all these declarations into if_epair.c itself.

--
Gleb Smirnoff