If the called of ypconnect(2) is root, the socket should acquire a

author deraadt <deraadt@openbsd.org>

Wed, 7 Dec 2022 01:02:28 +0000 (01:02 +0000)

committer deraadt <deraadt@openbsd.org>

Wed, 7 Dec 2022 01:02:28 +0000 (01:02 +0000)
author deraadt <deraadt@openbsd.org>
Wed, 7 Dec 2022 01:02:28 +0000 (01:02 +0000)
committer deraadt <deraadt@openbsd.org>
Wed, 7 Dec 2022 01:02:28 +0000 (01:02 +0000)
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c

index 4e5dd64..395f0a2 100644 (file)
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uipc_syscalls.c,v 1.206 2022/12/05 23:18:37 deraadt Exp $     */
+/*     $OpenBSD: uipc_syscalls.c,v 1.207 2022/12/07 01:02:28 deraadt Exp $     */
  /*     $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $      */
  
  /*
@@ -60,6 +60,9 @@
  
  #include <sys/domain.h>
  #include <netinet/in.h>
+#include <netinet/ip.h>
+#include <net/route.h>
+#include <netinet/in_pcb.h>
  #include <net/rtable.h>
  
  int    copyaddrout(struct proc *, struct mbuf *, struct sockaddr *, socklen_t,
@@ -1648,6 +1651,11 @@ out:
                 ktrsockaddr(p, mtod(nam, caddr_t), sizeof(struct sockaddr_in));
  #endif
         solock(so);
+
+       /* Secure YP maps require reserved ports */
+       if (suser(p) == 0)
+               sotoinpcb(so)->inp_flags |= INP_LOWPORT;
+
         error = soconnect(so, nam);
         while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) {
                 error = sosleep_nsec(so, &so->so_timeo, PSOCK | PCATCH,
author	deraadt <deraadt@openbsd.org>
	Wed, 7 Dec 2022 01:02:28 +0000 (01:02 +0000)
committer	deraadt <deraadt@openbsd.org>
	Wed, 7 Dec 2022 01:02:28 +0000 (01:02 +0000)