CVS commit: src/sys

Mon, 16 Dec 2019 20:55:42 -0800 

Module Name:    src
Committed By:   christos
Date:           Tue Dec 17 04:54:37 UTC 2019

Modified Files:
        src/sys/dev/ic: ath.c
        src/sys/dev/usb: if_umb.c
        src/sys/net: if.c

Log Message:
Protect network ioctls from non-authorized users. (Ilja Van Sprundel)


To generate a diff of this commit:
cvs rdiff -u -r1.128 -r1.129 src/sys/dev/ic/ath.c
cvs rdiff -u -r1.9 -r1.10 src/sys/dev/usb/if_umb.c
cvs rdiff -u -r1.465 -r1.466 src/sys/net/if.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/dev/ic/ath.c
diff -u src/sys/dev/ic/ath.c:1.128 src/sys/dev/ic/ath.c:1.129
--- src/sys/dev/ic/ath.c:1.128	Sun Nov 10 16:16:35 2019
+++ src/sys/dev/ic/ath.c	Mon Dec 16 23:54:36 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ath.c,v 1.128 2019/11/10 21:16:35 chs Exp $	*/
+/*	$NetBSD: ath.c,v 1.129 2019/12/17 04:54:36 christos Exp $	*/
 
 /*-
  * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@@ -41,7 +41,7 @@
 __FBSDID("$FreeBSD: src/sys/dev/ath/if_ath.c,v 1.104 2005/09/16 10:09:23 ru Exp $");
 #endif
 #ifdef __NetBSD__
-__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.128 2019/11/10 21:16:35 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.129 2019/12/17 04:54:36 christos Exp $");
 #endif
 
 /*
@@ -69,6 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.12
 #include <sys/callout.h>
 #include <sys/bus.h>
 #include <sys/endian.h>
+#include <sys/kauth.h>
 
 #include <net/if.h>
 #include <net/if_dl.h>
@@ -5422,6 +5423,12 @@ ath_ioctl(struct ifnet *ifp, u_long cmd,
 		return copyout(&sc->sc_stats,
 				ifr->ifr_data, sizeof (sc->sc_stats));
 	case SIOCGATHDIAG:
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			break;
 		error = ath_ioctl_diag(sc, (struct ath_diag *) ifr);
 		break;
 	default:

Index: src/sys/dev/usb/if_umb.c
diff -u src/sys/dev/usb/if_umb.c:1.9 src/sys/dev/usb/if_umb.c:1.10
--- src/sys/dev/usb/if_umb.c:1.9	Wed Jun 26 18:58:58 2019
+++ src/sys/dev/usb/if_umb.c	Mon Dec 16 23:54:36 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $ */
+/*	$NetBSD: if_umb.c,v 1.10 2019/12/17 04:54:36 christos Exp $ */
 /*	$OpenBSD: if_umb.c,v 1.20 2018/09/10 17:00:45 gerhard Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.10 2019/12/17 04:54:36 christos Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -779,6 +779,12 @@ umb_ioctl(struct ifnet *ifp, u_long cmd,
 		usb_add_task(sc->sc_udev, &sc->sc_umb_task, USB_TASKQ_DRIVER);
 		break;
 	case SIOCGUMBINFO:
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			break;
 		error = copyout(&sc->sc_info, ifr->ifr_data,
 		    sizeof(sc->sc_info));
 		break;

Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.465 src/sys/net/if.c:1.466
--- src/sys/net/if.c:1.465	Thu Nov 14 11:23:53 2019
+++ src/sys/net/if.c	Mon Dec 16 23:54:36 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.465 2019/11/14 16:23:53 maxv Exp $	*/
+/*	$NetBSD: if.c,v 1.466 2019/12/17 04:54:36 christos Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.465 2019/11/14 16:23:53 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.466 2019/12/17 04:54:36 christos Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -2971,6 +2971,8 @@ ifioctl_common(struct ifnet *ifp, u_long
 	struct ifcapreq *ifcr;
 	struct ifdatareq *ifdr;
 	unsigned short flags;
+	char *descr;
+	int error;
 
 	switch (cmd) {
 	case SIOCSIFCAP:
@@ -3125,55 +3127,53 @@ ifioctl_common(struct ifnet *ifp, u_long
 #endif
 		return ENETRESET;
 	case SIOCSIFDESCR:
-		{
-			char *descrbuf;
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			return error;
 
- 			ifr = data;
+		ifr = data;
 
- 			if (ifr->ifr_buflen > IFDESCRSIZE)
-				return ENAMETOOLONG;
+		if (ifr->ifr_buflen > IFDESCRSIZE)
+			return ENAMETOOLONG;
 
- 			if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) {
-				/* unset description */
-				descrbuf = NULL;
-			} else {
-				int error;
-
- 				descrbuf = kmem_zalloc(IFDESCRSIZE, KM_SLEEP);
-				/* copy (IFDESCRSIZE - 1) bytes to ensure terminating nul */
-				error = copyin(ifr->ifr_buf, descrbuf, IFDESCRSIZE - 1);
-				if (error) {
-					kmem_free(descrbuf, IFDESCRSIZE);
-					return error;
-				}
+		if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) {
+			/* unset description */
+			descr = NULL;
+		} else {
+			descr = kmem_zalloc(IFDESCRSIZE, KM_SLEEP);
+			/*
+			 * copy (IFDESCRSIZE - 1) bytes to ensure
+			 * terminating nul
+			 */
+			error = copyin(ifr->ifr_buf, descr, IFDESCRSIZE - 1);
+			if (error) {
+				kmem_free(descr, IFDESCRSIZE);
+				return error;
 			}
+		}
 
- 			if (ifp->if_description != NULL)
-				kmem_free(ifp->if_description, IFDESCRSIZE);
+		if (ifp->if_description != NULL)
+			kmem_free(ifp->if_description, IFDESCRSIZE);
 
- 			ifp->if_description = descrbuf;
-		}
+		ifp->if_description = descr;
 		break;
 
  	case SIOCGIFDESCR:
-		{
-			char *descr;
+		ifr = data;
+		descr = ifp->if_description;
 
- 			ifr = data;
-			descr = ifp->if_description;
+		if (descr == NULL)
+			return ENOMSG;
 
- 			if (descr == NULL)
-				return ENOMSG;
+		if (ifr->ifr_buflen < IFDESCRSIZE)
+			return EINVAL;
 
- 			if (ifr->ifr_buflen < IFDESCRSIZE)
-				return EINVAL;
-			else {
-				int error;
-				error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE);
-				if (error)
-					return error;
-			}
-		}
+		error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE);
+		if (error)
+			return error;
  		break;
 
 	default:
@@ -3196,10 +3196,13 @@ ifaddrpref_ioctl(struct socket *so, u_lo
 
 	switch (cmd) {
 	case SIOCSIFADDRPREF:
-		if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
-		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
-		    NULL) != 0)
-			return EPERM;
+		error = kauth_authorize_network(curlwp->l_cred,
+		    KAUTH_NETWORK_INTERFACE,
+		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
+		    NULL);
+		if (error)
+			return error;
+		break;
 	case SIOCGIFADDRPREF:
 		break;
 	default:
@@ -3310,7 +3313,7 @@ doifioctl(struct socket *so, u_long cmd,
 			error = kauth_authorize_network(l->l_cred,
 			    KAUTH_NETWORK_INTERFACE,
 			    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
-			    (void *)cmd, NULL);
+			    KAUTH_ARG(cmd), NULL);
 			if (ifp != NULL)
 				if_put(ifp, &psref);
 			if (error != 0) {
@@ -3375,7 +3378,7 @@ doifioctl(struct socket *so, u_long cmd,
 			error = kauth_authorize_network(l->l_cred,
 			    KAUTH_NETWORK_INTERFACE,
 			    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
-			    (void *)cmd, NULL);
+			    KAUTH_ARG(cmd), NULL);
 			if (error != 0)
 				goto out;
 		}

Reply via email to