From 645be9544007830aac9ffff678e856b8158c5b93 Mon Sep 17 00:00:00 2001 From: deraadt Date: Tue, 13 Oct 2015 16:09:24 +0000 Subject: [PATCH] allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge --- sys/kern/kern_pledge.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index d898d77d186..af54fb7dd01 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.18 2015/10/13 00:03:42 doug Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.19 2015/10/13 16:09:24 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -1142,6 +1142,7 @@ pledge_setsockopt_check(struct proc *p, int level, int optname) case IP_MINTTL: case IP_PORTRANGE: case IP_RECVDSTADDR: + case IP_RECVDSTPORT: return (0); case IP_MULTICAST_IF: case IP_ADD_MEMBERSHIP: @@ -1159,6 +1160,7 @@ pledge_setsockopt_check(struct proc *p, int level, int optname) case IPV6_RECVHOPLIMIT: case IPV6_PORTRANGE: case IPV6_RECVPKTINFO: + case IPV6_RECVDSTPORT: #ifdef notyet case IPV6_V6ONLY: #endif -- 2.20.1