Module Name: src Committed By: martin Date: Tue Dec 17 16:12:54 UTC 2019
Modified Files: src/sys/dev/ic [netbsd-9]: ath.c src/sys/dev/usb [netbsd-9]: if_umb.c src/sys/net [netbsd-9]: if.c Log Message: Pull up following revision(s) (requested by christos in ticket #569): sys/dev/usb/if_umb.c: revision 1.10 sys/net/if.c: revision 1.466 sys/dev/ic/ath.c: revision 1.129 Protect network ioctls from non-authorized users. (Ilja Van Sprundel) To generate a diff of this commit: cvs rdiff -u -r1.127 -r1.127.2.1 src/sys/dev/ic/ath.c cvs rdiff -u -r1.9 -r1.9.2.1 src/sys/dev/usb/if_umb.c cvs rdiff -u -r1.457.2.2 -r1.457.2.3 src/sys/net/if.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/ic/ath.c diff -u src/sys/dev/ic/ath.c:1.127 src/sys/dev/ic/ath.c:1.127.2.1 --- src/sys/dev/ic/ath.c:1.127 Tue May 28 07:41:48 2019 +++ src/sys/dev/ic/ath.c Tue Dec 17 16:12:54 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ath.c,v 1.127 2019/05/28 07:41:48 msaitoh Exp $ */ +/* $NetBSD: ath.c,v 1.127.2.1 2019/12/17 16:12:54 martin Exp $ */ /*- * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD: src/sys/dev/ath/if_ath.c,v 1.104 2005/09/16 10:09:23 ru Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.127 2019/05/28 07:41:48 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.127.2.1 2019/12/17 16:12:54 martin Exp $"); #endif /* @@ -69,6 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: ath.c,v 1.12 #include <sys/callout.h> #include <sys/bus.h> #include <sys/endian.h> +#include <sys/kauth.h> #include <net/if.h> #include <net/if_dl.h> @@ -5441,6 +5442,12 @@ ath_ioctl(struct ifnet *ifp, u_long cmd, return copyout(&sc->sc_stats, ifr->ifr_data, sizeof (sc->sc_stats)); case SIOCGATHDIAG: + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + break; error = ath_ioctl_diag(sc, (struct ath_diag *) ifr); break; default: Index: src/sys/dev/usb/if_umb.c diff -u src/sys/dev/usb/if_umb.c:1.9 src/sys/dev/usb/if_umb.c:1.9.2.1 --- src/sys/dev/usb/if_umb.c:1.9 Wed Jun 26 22:58:58 2019 +++ src/sys/dev/usb/if_umb.c Tue Dec 17 16:12:53 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $ */ +/* $NetBSD: if_umb.c,v 1.9.2.1 2019/12/17 16:12:53 martin Exp $ */ /* $OpenBSD: if_umb.c,v 1.20 2018/09/10 17:00:45 gerhard Exp $ */ /* @@ -26,7 +26,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.9 2019/06/26 22:58:58 khorben Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_umb.c,v 1.9.2.1 2019/12/17 16:12:53 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" 
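Review bot: The new `kauth_authorize_network` check in the `SIOCGATHDIAG` case gates a get-style ioctl behind `KAUTH_REQ_NETWORK_INTERFACE_SETPRIV`, and nothing in the code says why, while the `SIOCGATHSTATS` copyout directly above stays open to any caller. A short comment above the check would record the intent, for example `/* Diagnostic interface: privileged callers only, even though this is a "get" ioctl. */`. The same applies to the `SIOCGUMBINFO` case in the if_umb.c hunk, where `sc->sc_info` is copied out whole. Because the check sits in each driver rather than in the common ioctl path, other driver-private ioctls presumably need the same audit. The switch in ath_ioctl starts and ends outside the hunk.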
@@ -779,6 +779,12 @@ umb_ioctl(struct ifnet *ifp, u_long cmd, usb_add_task(sc->sc_udev, &sc->sc_umb_task, USB_TASKQ_DRIVER); break; case SIOCGUMBINFO: + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + break; error = copyout(&sc->sc_info, ifr->ifr_data, sizeof(sc->sc_info)); break; Index: src/sys/net/if.c diff -u src/sys/net/if.c:1.457.2.2 src/sys/net/if.c:1.457.2.3 --- src/sys/net/if.c:1.457.2.2 Tue Sep 24 03:10:35 2019 +++ src/sys/net/if.c Tue Dec 17 16:12:54 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if.c,v 1.457.2.2 2019/09/24 03:10:35 martin Exp $ */ +/* $NetBSD: if.c,v 1.457.2.3 2019/12/17 16:12:54 martin Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc. @@ -90,7 +90,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.457.2.2 2019/09/24 03:10:35 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.457.2.3 2019/12/17 16:12:54 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -2971,7 +2971,9 @@ ifioctl_common(struct ifnet *ifp, u_long struct ifreq *ifr; struct ifcapreq *ifcr; struct ifdatareq *ifdr; - + char *descr; + int error; + switch (cmd) { case SIOCSIFCAP: ifcr = data; 
@@ -3120,55 +3122,53 @@ ifioctl_common(struct ifnet *ifp, u_long #endif return ENETRESET; case SIOCSIFDESCR: - { - char *descrbuf; + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + return error; - ifr = data; + ifr = data; - if (ifr->ifr_buflen > IFDESCRSIZE) - return ENAMETOOLONG; + if (ifr->ifr_buflen > IFDESCRSIZE) + return ENAMETOOLONG; - if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) { - /* unset description */ - descrbuf = NULL; - } else { - int error; - - descrbuf = kmem_zalloc(IFDESCRSIZE, KM_SLEEP); - /* copy (IFDESCRSIZE - 1) bytes to ensure terminating nul */ - error = copyin(ifr->ifr_buf, descrbuf, IFDESCRSIZE - 1); - if (error) { - kmem_free(descrbuf, IFDESCRSIZE); - return error; - } + if (ifr->ifr_buf == NULL || ifr->ifr_buflen == 0) { + /* unset description */ + descr = NULL; + } else { + descr = kmem_zalloc(IFDESCRSIZE, KM_SLEEP); + /* + * copy (IFDESCRSIZE - 1) bytes to ensure + * terminating nul + */ + error = copyin(ifr->ifr_buf, descr, IFDESCRSIZE - 1); + if (error) { + kmem_free(descr, IFDESCRSIZE); + return error; } + } - if (ifp->if_description != NULL) - kmem_free(ifp->if_description, IFDESCRSIZE); + if (ifp->if_description != NULL) + kmem_free(ifp->if_description, IFDESCRSIZE); - ifp->if_description = descrbuf; - } + ifp->if_description = descr; break; case SIOCGIFDESCR: - { - char *descr; + ifr = data; + descr = ifp->if_description; - ifr = data; - descr = ifp->if_description; + if (descr == NULL) + return ENOMSG; - if (descr == NULL) - return ENOMSG; + if (ifr->ifr_buflen < IFDESCRSIZE) + return EINVAL; - if (ifr->ifr_buflen < IFDESCRSIZE) - return EINVAL; - else { - int error; - error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE); - if (error) - return error; - } - } + error = copyout(descr, ifr->ifr_buf, IFDESCRSIZE); + if (error) + return error; break; default: 
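Review bot: In the `SIOCSIFDESCR` case the `copyin` still reads a fixed `IFDESCRSIZE - 1` bytes from `ifr->ifr_buf` and uses `ifr->ifr_buflen` only for the upper-bound check. A caller that declares a shorter buffer can therefore get a spurious EFAULT, or have whatever user memory follows its string stored as the interface description. Bounding the copy to the declared length would close that gap: `error = copyin(ifr->ifr_buf, descr, MIN(ifr->ifr_buflen, IFDESCRSIZE - 1));`; the buffer comes from `kmem_zalloc`, so the result stays NUL-terminated. Separately, the old `if_description` is freed and replaced here while `SIOCGIFDESCR` copies out through the same pointer, and whether a lock held by the caller serialises the two is not visible in this hunk and is worth confirming. The body of ifioctl_common starts and ends outside the hunk.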
@@ -3191,10 +3191,13 @@ ifaddrpref_ioctl(struct socket *so, u_lo switch (cmd) { case SIOCSIFADDRPREF: - if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, - KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, - NULL) != 0) - return EPERM; + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + return error; + break; case SIOCGIFADDRPREF: break; default: @@ -3305,7 +3308,7 @@ doifioctl(struct socket *so, u_long cmd, error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, - (void *)cmd, NULL); + KAUTH_ARG(cmd), NULL); if (ifp != NULL) if_put(ifp, &psref); if (error != 0) { @@ -3370,7 +3373,7 @@ doifioctl(struct socket *so, u_long cmd, error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, - (void *)cmd, NULL); + KAUTH_ARG(cmd), NULL); if (error != 0) goto out; }