authorbluhm <bluhm@openbsd.org>2019-11-13 21:25:04 +0000
committerbluhm <bluhm@openbsd.org>2019-11-13 21:25:04 +0000
commit5895849385d87fe1971d02b75ae36d824f6bf42d (patch)
treec91e08738a3e07db68330d9f78abc5ea66680524 /sys/net/if.c
parentfix check for sig_s; noted by qsa at qualys.com (diff)
A non-root user must not use ioctl(2) to mess around with the address
of a network interface. OK deraadt@ claudio@
Diffstat (limited to 'sys/net/if.c')
-rw-r--r--sys/net/if.c29
1 files changed, 24 insertions, 5 deletions
diff --git a/sys/net/if.c b/sys/net/if.c
index c0c2657d9ab..6732e2a0596 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.597 2019/11/13 01:36:27 deraadt Exp $ */
+/* $OpenBSD: if.c,v 1.598 2019/11/13 21:25:04 bluhm Exp $ */
/* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
/*
@@ -2291,11 +2291,30 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p)
error = ((*so->so_proto->pr_usrreq)(so, PRU_CONTROL,
(struct mbuf *) cmd, (struct mbuf *) data,
(struct mbuf *) ifp, p));
- if (error == EOPNOTSUPP) {
- NET_LOCK();
- error = ((*ifp->if_ioctl)(ifp, cmd, data));
- NET_UNLOCK();
+ if (error != EOPNOTSUPP)
+ break;
+ switch (cmd) {
+ case SIOCAIFADDR:
+ case SIOCDIFADDR:
+ case SIOCSIFADDR:
+ case SIOCSIFNETMASK:
+ case SIOCSIFDSTADDR:
+ case SIOCSIFBRDADDR:
+#ifdef INET6
+ case SIOCAIFADDR_IN6:
+ case SIOCDIFADDR_IN6:
+#endif
+ error = suser(p);
+ break;
+ default:
+ error = 0;
+ break;
}
+ if (error)
+ break;
+ NET_LOCK();
+ error = ((*ifp->if_ioctl)(ifp, cmd, data));
+ NET_UNLOCK();
break;
}
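Review bot: The new `switch (cmd)` is a denylist: its `default:` arm sets `error = 0`, so any request not named in the case list still reaches `(*ifp->if_ioctl)` without a `suser(p)` check whenever the protocol returns EOPNOTSUPP. Whether other state-changing requests are already gated earlier in `ifioctl` cannot be seen here, since the function starts and ends outside the hunk, so the list has to be kept in step with every address-setting request a driver accepts. I would record that above the switch, for example `/* Protocol did not handle it: address changes passed straight to the driver are root-only; extend this list when adding an address ioctl. */`. It is also worth confirming that protocol handlers which return something other than EOPNOTSUPP enforce the same privilege rule themselves, because the early `break` skips this check for them.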