diff options
| author |   vgross <vgross@openbsd.org> | 2016-04-05 21:21:41 +0000 |
|---|---|---|
| committer | vgross <vgross@openbsd.org> | 2016-04-05 21:21:41 +0000 |
| commit | 37e7be014d8d280d3fae5f540eac959b77ec73e3 (patch) | |
| tree | ed690f2374dc2b7ff183f32f00a42ecdb8adc43b | |
| parent | Add $OpenBSD$ markers. (diff) | |
| download | wireguard-openbsd-37e7be014d8d280d3fae5f540eac959b77ec73e3.tar.xz wireguard-openbsd-37e7be014d8d280d3fae5f540eac959b77ec73e3.zip | |
Move reserved port checks from in(6)_pcbaddrisavail() to in_pcbbind().
Kill old comments while at it.
Ok mpi@ bluhm@
| -rw-r--r-- | sys/netinet/in_pcb.c | 13 | ||||
| -rw-r--r-- | sys/netinet6/in6_pcb.c | 14 |
2 files changed, 7 insertions, 20 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 46facec2d29..c8f4e98e63f 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.199 2016/04/05 19:34:05 vgross Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.200 2016/04/05 21:21:41 vgross Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -343,9 +343,13 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p) } } - if (lport == 0) + if (lport == 0) { if ((error = in_pcbpickport(&lport, laddr, wild, inp, p))) return (error); + } else { + if (ntohs(lport) < IPPORT_RESERVED && (error = suser(p, 0))) + return (EACCES); + } if (nam) { switch (sotopf(so)) { #ifdef INET6 @@ -371,7 +375,6 @@ in_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in *sin, int wild, struct inpcbtable *table = inp->inp_table; u_int16_t lport = sin->sin_port; int reuseport = (so->so_options & SO_REUSEPORT); - int error; if (IN_MULTICAST(sin->sin_addr.s_addr)) { /* @@ -411,10 +414,6 @@ in_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in *sin, int wild, if (lport) { struct inpcb *t; - /* GROSS */ - if (ntohs(lport) < IPPORT_RESERVED && - (error = suser(p, 0))) - return (EACCES); if (so->so_euid) { t = in_pcblookup(table, &zeroin_addr, 0, &sin->sin_addr, lport, INPLOOKUP_WILDCARD, diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 4fde2100475..1ffdd1d4c84 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_pcb.c,v 1.90 2016/03/30 13:02:22 vgross Exp $ */ +/* $OpenBSD: in6_pcb.c,v 1.91 2016/04/05 21:21:41 vgross Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -158,7 +158,6 @@ in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild, struct inpcbtable *table = inp->inp_table; u_short lport = sin6->sin6_port; int reuseport = (so->so_options & SO_REUSEPORT); - int error; wild |= INPLOOKUP_IPV6; /* KAME hack: embed scopeid */ @@ -217,17 +216,6 @@ in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild, if (lport) { struct inpcb *t; - /* - * Question: Do we wish to continue the Berkeley - * tradition of ports < IPPORT_RESERVED be only for - * root? - * Answer: For now yes, but IMHO, it should be REMOVED! - * OUCH: One other thing, is there no better way of - * finding a process for a socket instead of using - * curproc? (Marked with BSD's {in,}famous XXX ? - */ - if (ntohs(lport) < IPPORT_RESERVED && (error = suser(p, 0))) - return error; if (so->so_euid) { t = in_pcblookup(table, (struct in_addr *)&zeroin6_addr, 0, |