From: kn Date: Tue, 18 Apr 2023 22:20:16 +0000 (+0000) Subject: Hoist identical privilege checks in in_ioctl*() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d0a0045a8da4cb70e9258dd60bbf92268445ef31;p=openbsd Hoist identical privilege checks in in_ioctl*() All cases do the same check as first step, so merge it before the switch and before grapping exclusive locks. OK mvs --- diff --git a/sys/netinet/in.c b/sys/netinet/in.c index ffc8ebc9bf5..498cb2f6bd3 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in.c,v 1.180 2023/04/15 13:24:47 kn Exp $ */ +/* $OpenBSD: in.c,v 1.181 2023/04/18 22:20:16 kn Exp $ */ /* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */ /* @@ -282,13 +282,13 @@ in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) goto err; } + if (!privileged) { + error = EPERM; + goto err; + } + switch (cmd) { case SIOCSIFDSTADDR: - if (!privileged) { - error = EPERM; - break; - } - if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { error = EINVAL; break; @@ -308,11 +308,6 @@ in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) break; case SIOCSIFBRDADDR: - if (!privileged) { - error = EPERM; - break; - } - if ((ifp->if_flags & IFF_BROADCAST) == 0) { error = EINVAL; break; @@ -324,11 +319,6 @@ in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) break; case SIOCSIFNETMASK: - if (!privileged) { - error = EPERM; - break; - } - if (ifr->ifr_addr.sa_len < 8) { error = EINVAL; break; @@ -429,6 +419,9 @@ in_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp, return (error); } + if (!privileged) + return (EPERM); + KERNEL_LOCK(); NET_LOCK(); @@ -447,11 +440,6 @@ in_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp, case SIOCAIFADDR: { int needinit = 0; - if (!privileged) { - error = EPERM; - break; - } - if (ifra->ifra_mask.sin_len) { if (ifra->ifra_mask.sin_len < 8) { error = EINVAL; @@ -534,11 +522,6 @@ in_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp, break; } case SIOCDIFADDR: - if (!privileged) { - error = EPERM; - break; - } - if (ia == NULL) { error = EADDRNOTAVAIL; break;