From 66b07ceddaa45f42a07fb355c68ff4387431f514 Mon Sep 17 00:00:00 2001 From: semarie Date: Sun, 18 Oct 2015 05:26:55 +0000 Subject: [PATCH] move SS_DNS socket check from kern_plegde.c to sys_generic.c this check has nothing to do with pledge(2). make it lives in sys_ioctl() call. while here, move the (fp == NULL) check early and remove duplicate check from pledge_ioctl_check(). ok guenther@ deraadt@ --- sys/kern/kern_pledge.c | 12 ++---------- sys/kern/sys_generic.c | 15 +++++++++++---- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index 2d4f8ac3f0f..1001900a7ef 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.53 2015/10/18 04:21:39 deraadt Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.54 2015/10/18 05:26:55 semarie Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -1006,13 +1006,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v) struct file *fp = v; struct vnode *vp = NULL; - if (fp->f_type == DTYPE_SOCKET) { - struct socket *so = fp->f_data; - - if (so->so_state & SS_DNS) - return (EINVAL); - } - if ((p->p_p->ps_flags & PS_PLEDGE) == 0) return (0); @@ -1027,8 +1020,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v) return (0); } - if (fp == NULL) - return (EBADF); + /* fp != NULL was already checked */ vp = (struct vnode *)fp->f_data; /* diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c index e837cc5431e..baaedd4efb5 100644 --- a/sys/kern/sys_generic.c +++ b/sys/kern/sys_generic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_generic.c,v 1.107 2015/10/11 23:13:02 deraadt Exp $ */ +/* $OpenBSD: sys_generic.c,v 1.108 2015/10/18 05:26:55 semarie Exp $ */ /* $NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $ */ /* @@ -404,13 +404,20 @@ sys_ioctl(struct proc *p, void *v, register_t *retval) fdp = p->p_fd; fp = fd_getfile_mode(fdp, SCARG(uap, fd), FREAD|FWRITE); + if (fp == NULL) + return (EBADF); + + if (fp->f_type == DTYPE_SOCKET) { + struct socket *so = fp->f_data; + + if (so->so_state & SS_DNS) + return (EINVAL); + } + error = pledge_ioctl_check(p, com, fp); if (error) return (error); - if (fp == NULL) - return (EBADF); - switch (com) { case FIONCLEX: case FIOCLEX: -- 2.20.1