move SS_DNS socket check from kern_plegde.c to sys_generic.c

this check has nothing to do with pledge(2). make it lives in sys_ioctl() call.

while here, move the (fp == NULL) check early and remove duplicate check from
pledge_ioctl_check().

ok guenther@ deraadt@

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 2d4f8ac..1001900 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.53 2015/10/18 04:21:39 deraadt Exp $        */
+/*     $OpenBSD: kern_pledge.c,v 1.54 2015/10/18 05:26:55 semarie Exp $        */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1006,13 +1006,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
        struct file *fp = v;
        struct vnode *vp = NULL;
 
-       if (fp->f_type == DTYPE_SOCKET) {
-               struct socket *so = fp->f_data;
-
-               if (so->so_state & SS_DNS)
-                       return (EINVAL);
-       }
-
        if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
                return (0);
 
@@ -1027,8 +1020,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
                return (0);
        }
 
-       if (fp == NULL)
-               return (EBADF);
+       /* fp != NULL was already checked */
        vp = (struct vnode *)fp->f_data;
 
        /*

diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index e837cc5..baaedd4 100644 (file)
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sys_generic.c,v 1.107 2015/10/11 23:13:02 deraadt Exp $       */
+/*     $OpenBSD: sys_generic.c,v 1.108 2015/10/18 05:26:55 semarie Exp $       */
 /*     $NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $     */
 
 /*
@@ -404,13 +404,20 @@ sys_ioctl(struct proc *p, void *v, register_t *retval)
        fdp = p->p_fd;
        fp = fd_getfile_mode(fdp, SCARG(uap, fd), FREAD|FWRITE);
 
+       if (fp == NULL)
+               return (EBADF);
+
+       if (fp->f_type == DTYPE_SOCKET) {
+               struct socket *so = fp->f_data;
+
+               if (so->so_state & SS_DNS)
+                       return (EINVAL);
+       }
+
        error = pledge_ioctl_check(p, com, fp);
        if (error)
                return (error);
 
-       if (fp == NULL)
-               return (EBADF);
-
        switch (com) {
        case FIONCLEX:
        case FIOCLEX: