author | Gordon Tetlow <gordon@FreeBSD.org> | 2020-03-19 16:48:29 +0000 |
---|---|---|
committer | Gordon Tetlow <gordon@FreeBSD.org> | 2020-03-19 16:48:29 +0000 |
commit | 97281eaa7994241a71fa268ac15aca931d70e2c0 (patch) | |
tree | b193f9ad825ba8cd1748a6e38f0df73f5c284c3a | |
parent | 986219318e60e339316c80084d791ebcb362d459 (diff) | |
Fix insufficient oce(4) ioctl(2) privilege checking.
Approved by: so
Security: FreeBSD-SA-20:05.if_oce_ioctl
Security: CVE-2019-15876
Notes
Notes:
svn path=/releng/11.3/; revision=359139
-rw-r--r-- | sys/dev/oce/oce_if.c | 3 | ||||
-rw-r--r-- | sys/dev/oce/oce_if.h | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index 3ce8f19f1f22..269801223bf8 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -616,6 +616,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 break;
 case SIOCGPRIVATE_0:
+ rc = priv_check(curthread, PRIV_DRIVER);
+ if (rc != 0)
+ break;
 rc = oce_handle_passthrough(ifp, data);
 break;
 default:
diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h
index dde5b60b88e3..9e32098604f9 100644
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@@ -46,6 +46,7 @@
 #include <sys/kernel.h>
 #include <sys/bus.h>
 #include <sys/mbuf.h>
+#include <sys/priv.h>
 #include <sys/rman.h>
 #include <sys/socket.h>
 #include <sys/sockio.h> |
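Review bot: The new `priv_check(curthread, PRIV_DRIVER)` guard under `case SIOCGPRIVATE_0:` in oce_if.c has no comment saying why this command needs driver privilege, so a later rework of the switch could drop or reorder it unnoticed. I would add `/* Passthrough is driven by caller-supplied data; require PRIV_DRIVER first. */` above it. The guard also sits at the call site rather than inside `oce_handle_passthrough()`, so any other caller of that function (none is visible here) would have to repeat the check. `oce_ioctl()` starts and ends outside this hunk, so whether other private commands in the switch need the same gate cannot be judged from these lines.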