On 30/03/16(Wed) 22:44, Vincent Gross wrote:
> Hello,
> 
> This diff moves the "are we binding to a privileged port while not being
> root ?" check from in(6)_pcbaddrisavail() to in_pcbbind().
> 
> This way we have a cleaner separation between "is the resource available ?"
> and "am I allowed to access the resource ?" (which may or may not get its own
> function later).
> 
> Also, it unbreaks naddy@'s iked setup (ikev2:sendmsg([::]:500) =>
> in6_selectsrc() != in6p->inp_laddr6 => in6_pcbaddrisavail() => EPERM).
> 
> Ok ?

If you remove the KAME comment and your name, yes.

> Index: sys/netinet/in_pcb.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/in_pcb.c,v
> retrieving revision 1.198
> diff -u -p -r1.198 in_pcb.c
> --- sys/netinet/in_pcb.c      26 Mar 2016 21:56:04 -0000      1.198
> +++ sys/netinet/in_pcb.c      30 Mar 2016 20:33:00 -0000
> @@ -341,9 +341,14 @@ in_pcbbind(struct inpcb *inp, struct mbu
>               }
>       }
>  
> -     if (lport == 0)
> +     if (lport == 0) {
>               if ((error = in_pcbpickport(&lport, wild, inp, p)))
>                       return (error);
> +     } else {
> +             if (ntohs(lport) < IPPORT_RESERVED &&
> +                 (error = suser(p, 0)))
> +                     return (EACCES);
> +     }
>       inp->inp_lport = lport;
>       in_pcbrehash(inp);
>       return (0);
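Review bot: In the new `else` branch of in_pcbbind() the value stored by `(error = suser(p, 0))` is never read, because the branch returns a fixed `EACCES`; `if (ntohs(lport) < IPPORT_RESERVED && suser(p, 0) != 0)` states the same check without the dead store. The IPv6 check removed from in6_pcbaddrisavail() returned `error` rather than `EACCES`, so if in_pcbbind() also serves IPv6 sockets (the description suggests it does), an unprivileged bind to a reserved port now fails with a different errno, and the commit message should say so. With the check gone from both in(6)_pcbaddrisavail() hunks, any caller of those functions that does not go through in_pcbbind() no longer gets a reserved-port privilege check. That is the intent for the sendmsg path named in the description, but the remaining callers are not visible here and should be confirmed before commit. in_pcbbind() starts above this hunk.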
> @@ -357,7 +362,6 @@ in_pcbaddrisavail(struct inpcb *inp, str
>       struct inpcbtable *table = inp->inp_table;
>       u_int16_t lport = sin->sin_port;
>       int reuseport = (so->so_options & SO_REUSEPORT);
> -     int error;
>  
>       if (IN_MULTICAST(sin->sin_addr.s_addr)) {
>               /*
> @@ -398,9 +402,6 @@ in_pcbaddrisavail(struct inpcb *inp, str
>               struct inpcb *t;
>  
>               /* GROSS */
> -             if (ntohs(lport) < IPPORT_RESERVED &&
> -                 (error = suser(p, 0)))
> -                     return (EACCES);
>               if (so->so_euid) {
>                       t = in_pcblookup(table, &zeroin_addr, 0,
>                           &sin->sin_addr, lport, INPLOOKUP_WILDCARD,
> Index: sys/netinet6/in6_pcb.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/in6_pcb.c,v
> retrieving revision 1.90
> diff -u -p -r1.90 in6_pcb.c
> --- sys/netinet6/in6_pcb.c    30 Mar 2016 13:02:22 -0000      1.90
> +++ sys/netinet6/in6_pcb.c    30 Mar 2016 20:33:01 -0000
> @@ -158,7 +158,6 @@ in6_pcbaddrisavail(struct inpcb *inp, st
>       struct inpcbtable *table = inp->inp_table;
>       u_short lport = sin6->sin6_port;
>       int reuseport = (so->so_options & SO_REUSEPORT);
> -     int error;
>  
>       wild |= INPLOOKUP_IPV6;
>       /* KAME hack: embed scopeid */
> @@ -226,8 +225,6 @@ in6_pcbaddrisavail(struct inpcb *inp, st
>                * finding a process for a socket instead of using
>                * curproc?  (Marked with BSD's {in,}famous XXX ?
>                */
> -             if (ntohs(lport) < IPPORT_RESERVED && (error = suser(p, 0)))
> -                     return error;
>               if (so->so_euid) {
>                       t = in_pcblookup(table,
>                           (struct in_addr *)&zeroin6_addr, 0,
> 
