From 43182f4cb43e9072ae352bad6a1c9fba95a717e1 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sun, 25 Oct 2015 17:45:29 +0000
Subject: [PATCH] pledge_sockopt_check is shared between setsockopt/getsockopt. nicm found the first case of "get allowed, set not allowed". Tiny refactoring of that.
---
 sys/kern/kern_pledge.c | 26 +++++++++++++-------------
 sys/kern/uipc_syscalls.c | 6 +++---
 sys/sys/pledge.h | 4 ++--
 3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 1ca6490de70..7e8a6f9cda5 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.72 2015/10/25 11:09:28 semarie Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.73 2015/10/25 17:45:29 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -1141,7 +1141,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 }
 int
-pledge_sockopt_check(struct proc *p, int level, int optname)
+pledge_sockopt_check(struct proc *p, int set, int level, int optname)
 {
 if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
 return (0);
@@ -1149,12 +1149,12 @@ pledge_sockopt_check(struct proc *p, int level, int optname)
 /* Always allow these, which are too common to reject */
 switch (level) {
 case SOL_SOCKET:
- switch (optname) {
- case SO_RCVBUF:
+ switch (optname) {
+ case SO_RCVBUF:
 case SO_ERROR:
- return 0;
- }
- break;
+ return 0;
+ }
+ break;
 }
 if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX|PLEDGE_DNS)) == 0)
@@ -1162,11 +1162,11 @@ pledge_sockopt_check(struct proc *p, int level, int optname)
 /* In use by some service libraries */
 switch (level) {
 case SOL_SOCKET:
- switch (optname) {
- case SO_TIMESTAMP:
- return 0;
- }
- break;
+ switch (optname) {
+ case SO_TIMESTAMP:
+ return 0;
+ }
+ break;
 }
 if ((p->p_p->ps_pledge & (PLEDGE_INET|PLEDGE_UNIX)) == 0)
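Review bot: The new `int set` parameter of pledge_sockopt_check (hunk at -1141 in sys/kern/kern_pledge.c) is undocumented, and nothing at the definition says which direction a non-zero value selects. Every option case visible in the following hunks that returns 0 without testing `set` (SO_RCVBUF, SO_ERROR, SO_TIMESTAMP) is therefore permitted for both getsockopt and setsockopt, which is worth stating so that the next option added gets a deliberate choice. I would add above the definition `/* set is non-zero for setsockopt(2), zero for getsockopt(2); a case that returns 0 without testing it allows both. */`. The function body continues outside this hunk.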
@@ -1196,7 +1196,7 @@ pledge_sockopt_check(struct proc *p, int level, int optname)
 case IPPROTO_IP:
 switch (optname) {
 case IP_OPTIONS:
- if (p->p_pledge_syscall == SYS_getsockopt)
+ if (!set)
 return (0);
 break;
 case IP_TOS:
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index cbebf61d8f7..77893524de6 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_syscalls.c,v 1.117 2015/10/20 18:04:03 deraadt Exp $ */
+/* $OpenBSD: uipc_syscalls.c,v 1.118 2015/10/25 17:45:29 deraadt Exp $ */
 /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */
 /*
@@ -943,7 +943,7 @@ sys_setsockopt(struct proc *p, void *v, register_t *retval)
 if ((error = getsock(p, SCARG(uap, s), &fp)) != 0)
 return (error);
- error = pledge_sockopt_check(p, SCARG(uap, level), SCARG(uap, name));
+ error = pledge_sockopt_check(p, 1, SCARG(uap, level), SCARG(uap, name));
 if (error) {
 error = pledge_fail(p, error, PLEDGE_INET);
 goto bad;
@@ -999,7 +999,7 @@ sys_getsockopt(struct proc *p, void *v, register_t *retval)
 if ((error = getsock(p, SCARG(uap, s), &fp)) != 0)
 return (error);
- error = pledge_sockopt_check(p, SCARG(uap, level), SCARG(uap, name));
+ error = pledge_sockopt_check(p, 0, SCARG(uap, level), SCARG(uap, name));
 if (error) {
 error = pledge_fail(p, error, PLEDGE_INET);
 goto out;
diff --git a/sys/sys/pledge.h b/sys/sys/pledge.h
index a781041fb79..5af42c15583 100644
--- a/sys/sys/pledge.h
+++ b/sys/sys/pledge.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pledge.h,v 1.10 2015/10/23 01:10:01 deraadt Exp $ */
+/* $OpenBSD: pledge.h,v 1.11 2015/10/25 17:45:29 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott
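Review bot: In the IP_OPTIONS case (hunk at -1196 in sys/kern/kern_pledge.c) the setsockopt path now reaches `break` and depends on code after the switch, outside this hunk, to produce the denial; that is presumably the function's final error return, but it cannot be confirmed from here. Since this is the only visible option where reading is allowed and writing is not, a short comment on the case would keep a later edit from turning it into an unconditional `return (0)`, for example `/* getsockopt only: setting IP options stays denied under pledge */`.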
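Review bot: The bare literals in `pledge_sockopt_check(p, 1, ...)` in sys_setsockopt (hunk at -943 in sys/kern/uipc_syscalls.c) and `pledge_sockopt_check(p, 0, ...)` in sys_getsockopt (hunk at -999) do not say what they select, and a swapped value would invert the IP_OPTIONS policy without any compiler diagnostic. An inline annotation is enough, e.g. `error = pledge_sockopt_check(p, 1 /* set */, SCARG(uap, level), SCARG(uap, name));` with `0 /* get */` in the other caller. Both functions start and end outside their hunks.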
@@ -71,7 +71,7 @@ int pledge_chown_check(struct proc *p, uid_t, gid_t);
 int pledge_adjtime_check(struct proc *p, const void *v);
 int pledge_sendit_check(struct proc *p, const void *to);
 int pledge_socket_check(struct proc *p, int domain);
-int pledge_sockopt_check(struct proc *p, int level, int optname);
+int pledge_sockopt_check(struct proc *p, int set, int level, int optname);
 int pledge_socket_check(struct proc *p, int dns);
 int pledge_ioctl_check(struct proc *p, long com, void *);
 int pledge_flock_check(struct proc *p);
--
2.20.1
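Review bot: The context around the changed prototype in sys/sys/pledge.h declares `pledge_socket_check` twice, once as `(struct proc *p, int domain)` just above the changed line and once as `(struct proc *p, int dns)` just below it. The two declarations are compatible, so this compiles, but the differing parameter names leave it unclear what the second argument means. While this header is being touched, one of them could be dropped or, if the second was meant to name a different function, corrected; which is intended cannot be determined from this hunk.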