put TIOCSWINSZ in the right block "tty", not in "ioctl". this happened

because the "route' tests were placed between the two, creating confusion. fix that while here.
author: deraadt <deraadt@openbsd.org> 2015-10-11 15:40:48 +0000
committer: deraadt <deraadt@openbsd.org> 2015-10-11 15:40:48 +0000
commit: f50373aed66a3f375d0730bd548c29916498bb49 (patch)
tree: e871a7d8527b153e6ff826021387f71cda94e2b9
parent: needs at least some include love; choosing <stdlib.h> (diff)
download: wireguard-openbsd-f50373aed66a3f375d0730bd548c29916498bb49.tar.xz
wireguard-openbsd-f50373aed66a3f375d0730bd548c29916498bb49.zip
1 files changed, 13 insertions, 13 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 4fb0b837b92..e003c80f1fa 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.12 2015/10/11 15:25:39 deraadt Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.13 2015/10/11 15:40:48 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1031,7 +1031,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 			return (ENOTTY);
 		case TIOCGPGRP:
 		case TIOCGWINSZ:	/* various programs */
-		case TIOCSWINSZ:
 			if (fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
 				return (0);
 			break;
@@ -1055,17 +1054,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 		}
 	}
 
-	if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
-		switch (com) {
-		case SIOCGIFADDR:
-		case SIOCGIFFLAGS:
-		case SIOCGIFRDOMAIN:
-			if (fp->f_type == DTYPE_SOCKET)
-				return (0);
-			break;
-		}
-	}
-
 	if ((p->p_p->ps_pledge & PLEDGE_TTY)) {
 		switch (com) {
 		case TIOCSPGRP:
@@ -1084,6 +1072,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 #endif
 		case TIOCGPGRP:
 		case TIOCGWINSZ:	/* various programs */
+		case TIOCSWINSZ:
 		case TIOCSBRK:		/* cu */
 		case TIOCCDTR:		/* cu */
 		case TIOCSETA:		/* cu, ... */
@@ -1095,6 +1084,17 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 		}
 	}
 
+	if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
+		switch (com) {
+		case SIOCGIFADDR:
+		case SIOCGIFFLAGS:
+		case SIOCGIFRDOMAIN:
+			if (fp->f_type == DTYPE_SOCKET)
+				return (0);
+			break;
+		}
+	}
+
 	return pledge_fail(p, EPERM, PLEDGE_IOCTL);
 }
author	deraadt <deraadt@openbsd.org>	2015-10-11 15:40:48 +0000
committer	deraadt <deraadt@openbsd.org>	2015-10-11 15:40:48 +0000
commit	f50373aed66a3f375d0730bd548c29916498bb49 (patch)
tree	e871a7d8527b153e6ff826021387f71cda94e2b9
parent	needs at least some include love; choosing <stdlib.h> (diff)
download	wireguard-openbsd-f50373aed66a3f375d0730bd548c29916498bb49.tar.xz wireguard-openbsd-f50373aed66a3f375d0730bd548c29916498bb49.zip