Hello,

This diff moves the "are we binding to a privileged port while not being root ?"
check from in(6)_pcbaddrisavail() to in_pcbbind().

This way we have a cleaner separation between "is the resource available ?"
and "am I allowed to access the resource ?" (which may or may not get its own
function later).

Also, it unbreaks naddy@'s iked setup (ikev2:sendmsg([::]:500) =>
in6_selectsrc() != in6p->inp_laddr6 => in6_pcbaddrisavail() => EPERM).

Ok ?

Index: sys/netinet/in_pcb.c
===================================================================
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.198
diff -u -p -r1.198 in_pcb.c
--- sys/netinet/in_pcb.c        26 Mar 2016 21:56:04 -0000      1.198
+++ sys/netinet/in_pcb.c        30 Mar 2016 20:33:00 -0000
@@ -341,9 +341,14 @@ in_pcbbind(struct inpcb *inp, struct mbu
                }
        }
 
-       if (lport == 0)
+       if (lport == 0) {
                if ((error = in_pcbpickport(&lport, wild, inp, p)))
                        return (error);
+       } else {
+               if (ntohs(lport) < IPPORT_RESERVED &&
+                   (error = suser(p, 0)))
+                       return (EACCES);
+       }
        inp->inp_lport = lport;
        in_pcbrehash(inp);
        return (0);
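Review bot: The reserved-port check added in the `else` branch of in_pcbbind() becomes the only place this privilege is enforced, so any caller that reaches in_pcbaddrisavail() or in6_pcbaddrisavail() without going through in_pcbbind() no longer gets it. Those callers are not visible in this diff; each should be confirmed either to pass through in_pcbbind() or to operate only on a port that was already bound with the check applied. The check also appears to run after the availability logic earlier in in_pcbbind() (outside this hunk), whereas the removed code ran it before the in_pcblookup() conflict tests, so an unprivileged bind to a low port may now report an address conflict instead of EACCES. The value assigned by `(error = suser(p, 0))` is discarded, so `suser(p, 0) != 0` would read more clearly, with a comment such as `/* binding below IPPORT_RESERVED requires root; report EACCES rather than suser()'s errno */`. For IPv6 the errno changes from whatever suser() returned to EACCES, which is worth stating in the commit message.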
@@ -357,7 +362,6 @@ in_pcbaddrisavail(struct inpcb *inp, str
        struct inpcbtable *table = inp->inp_table;
        u_int16_t lport = sin->sin_port;
        int reuseport = (so->so_options & SO_REUSEPORT);
-       int error;
 
        if (IN_MULTICAST(sin->sin_addr.s_addr)) {
                /*
@@ -398,9 +402,6 @@ in_pcbaddrisavail(struct inpcb *inp, str
                struct inpcb *t;
 
                /* GROSS */
-               if (ntohs(lport) < IPPORT_RESERVED &&
-                   (error = suser(p, 0)))
-                       return (EACCES);
                if (so->so_euid) {
                        t = in_pcblookup(table, &zeroin_addr, 0,
                            &sin->sin_addr, lport, INPLOOKUP_WILDCARD,
Index: sys/netinet6/in6_pcb.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.90
diff -u -p -r1.90 in6_pcb.c
--- sys/netinet6/in6_pcb.c      30 Mar 2016 13:02:22 -0000      1.90
+++ sys/netinet6/in6_pcb.c      30 Mar 2016 20:33:01 -0000
@@ -158,7 +158,6 @@ in6_pcbaddrisavail(struct inpcb *inp, st
        struct inpcbtable *table = inp->inp_table;
        u_short lport = sin6->sin6_port;
        int reuseport = (so->so_options & SO_REUSEPORT);
-       int error;
 
        wild |= INPLOOKUP_IPV6;
        /* KAME hack: embed scopeid */
@@ -226,8 +225,6 @@ in6_pcbaddrisavail(struct inpcb *inp, st
                 * finding a process for a socket instead of using
                 * curproc?  (Marked with BSD's {in,}famous XXX ?
                 */
-               if (ntohs(lport) < IPPORT_RESERVED && (error = suser(p, 0)))
-                       return error;
                if (so->so_euid) {
                        t = in_pcblookup(table,
                            (struct in_addr *)&zeroin6_addr, 0,
