Module Name: src Committed By: christos Date: Tue Dec 17 04:54:37 UTC 2019
Modified Files: src/sys/dev/ic: ath.c src/sys/dev/usb: if_umb.c src/sys/net: if.c Log Message: Protect network ioctls from non-authorized users. (Ilja Van Sprundel) To generate a diff of this commit: cvs rdiff -u -r1.128 -r1.129 src/sys/dev/ic/ath.c cvs rdiff -u -r1.9 -r1.10 src/sys/dev/usb/if_umb.c cvs rdiff -u -r1.465 -r1.466 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/ic/ath.c diff -u src/sys/dev/ic/ath.c:1.128 src/sys/dev/ic/ath.c:1.129 --- src/sys/dev/ic/ath.c:1.128 Sun Nov 10 16:16:35 2019 +++ src/sys/dev/ic/ath.c Mon Dec 16 23:54:36 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ath.c,v 1.128 2019/11/10 21:16:35 chs Exp $ */ +/* $NetBSD: ath.c,v 1.129 2019/12/17 04:54:36 christos Exp $ */ /*- * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD: src/sys/dev/ath/if_ath.c,v 1.104 2005/09/16 10:09:23 ru Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.128 2019/11/10 21:16:35 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.129 2019/12/17 04:54:36 christos Exp $"); #endif /* @@ -69,6 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.12 #include <sys/callout.h> #include <sys/bus.h> #include <sys/endian.h> +#include <sys/kauth.h> #include <net/if.h> #include <net/if_dl.h> @@ -5422,6 +5423,12 @@ ath_ioctl(struct ifnet *ifp, u_long cmd, return copyout(&sc->sc_stats, ifr->ifr_data, sizeof (sc->sc_stats)); case SIOCGATHDIAG: + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + break; error = ath_ioctl_diag(sc, (struct ath_diag *) ifr); break; default: Index: src/sys/dev/usb/if_umb.c diff -u src/sys/dev/usb/if_umb.c:1.9 src/sys/dev/usb/if_umb.c:1.10 --- src/sys/dev/usb/if_umb.c:1.9 Wed Jun 26 18:58:58 2019 +++ src/sys/dev/usb/if_umb.c Mon Dec 16 23:54:36 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $ */ +/* $NetBSD: if_umb.c,v 1.10 2019/12/17 04:54:36 christos Exp $ */ /* $OpenBSD: if_umb.c,v 1.20 2018/09/10 17:00:45 gerhard Exp $ */ /* @@ -26,7 +26,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.10 2019/12/17 04:54:36 christos Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -779,6 +779,12 @@ umb_ioctl(struct ifnet *ifp, u_long cmd, usb_add_task(sc->sc_udev, &sc->sc_umb_task, USB_TASKQ_DRIVER); break; case SIOCGUMBINFO: + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + break; error = copyout(&sc->sc_info, ifr->ifr_data, sizeof(sc->sc_info)); break; Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.465 src/sys/net/if.c:1.466 --- src/sys/net/if.c:1.465 Thu Nov 14 11:23:53 2019 +++ src/sys/net/if.c Mon Dec 16 23:54:36 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.465 2019/11/14 16:23:53 maxv Exp $ */ +/* $NetBSD: if.c,v 1.466 2019/12/17 04:54:36 christos Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.465 2019/11/14 16:23:53 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.466 2019/12/17 04:54:36 christos Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -2971,6 +2971,8 @@ ifioctl_common(struct ifnet *ifp, u_long struct ifcapreq *ifcr; struct ifdatareq *ifdr; unsigned short flags; + char *descr; + int error; switch (cmd) { case SIOCSIFCAP: @@ -3125,55 +3127,53 @@ ifioctl_common(struct ifnet *ifp, u_long #endif return ENETRESET; case SIOCSIFDESCR: - { - char *descrbuf; + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + return error; - ifr = data; + ifr = data; - if (ifr->ifr_buflen > IFDESCRSIZE) - return ENAMETOOLONG; + if (ifr->ifr_buflen > IFDESCRSIZE) + return ENAMETOOLONG; - if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) { - /* unset description */ - descrbuf = NULL; - } else { - int error; - - descrbuf = kmem_zalloc(IFDESCRSIZE, KM_SLEEP); - /* copy (IFDESCRSIZE - 1) bytes to ensure terminating nul */ - error = copyin(ifr->ifr_buf, descrbuf, IFDESCRSIZE - 1); - if (error) { - kmem_free(descrbuf, IFDESCRSIZE); - return error; - } + if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) { + /* unset description */ + descr = NULL; + } else { + descr = kmem_zalloc(IFDESCRSIZE, KM_SLEEP); + /* + * copy (IFDESCRSIZE - 1) bytes to ensure + * terminating nul + */ + error = copyin(ifr->ifr_buf, descr, IFDESCRSIZE - 1); + if (error) { + kmem_free(descr, IFDESCRSIZE); + return error; } + } - if (ifp->if_description != NULL) - kmem_free(ifp->if_description, IFDESCRSIZE); + if (ifp->if_description != NULL) + kmem_free(ifp->if_description, IFDESCRSIZE); - ifp->if_description = descrbuf; - } + ifp->if_description = descr; break; case SIOCGIFDESCR: - { - char *descr; + ifr = data; + descr = ifp->if_description; - ifr = data; - descr = ifp->if_description; + if (descr == NULL) + return ENOMSG; - if (descr == NULL) - return ENOMSG; + if (ifr->ifr_buflen < IFDESCRSIZE) + return EINVAL; - if (ifr->ifr_buflen < IFDESCRSIZE) - return EINVAL; - else { - int error; - error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE); - if (error) - return error; - } - } + error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE); + if (error) + return error; break; default: @@ -3196,10 +3196,13 @@ ifaddrpref_ioctl(struct socket *so, u_lo switch (cmd) { case SIOCSIFADDRPREF: - if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, - KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, - NULL) != 0) - return EPERM; + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + return error; + break; case SIOCGIFADDRPREF: break; default: @@ -3310,7 +3313,7 @@ doifioctl(struct socket *so, u_long cmd, error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, - (void *)cmd, NULL); + KAUTH_ARG(cmd), NULL); if (ifp != NULL) if_put(ifp, &psref); if (error != 0) { @@ -3375,7 +3378,7 @@ doifioctl(struct socket *so, u_long cmd, error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, - (void *)cmd, NULL); + KAUTH_ARG(cmd), NULL); if (error != 0) goto out; }