author | Mark Johnston <markj@FreeBSD.org> | 2019-12-23 23:43:50 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2019-12-23 23:43:50 +0000 |
commit | c76ddeeb1c32e72a73f5f9ba89dd39dee596a5ac (patch) | |
tree | 1a15624fa3b0377b42693a564198379d7681834a /sys/dev | |
parent | 19352ba5adc6e1ea52853b794f91d37aa78a2ea7 (diff) | |
oce: Disallow the passthrough ioctl for unprivileged users.
A missing check meant that unprivileged users could send passthrough
commands to the device firmware.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=356047
Diffstat (limited to 'sys/dev')
-rw-r--r-- | sys/dev/oce/oce_if.c | 3 | ||||
-rw-r--r-- | sys/dev/oce/oce_if.h | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c index a826b0528b2e..edd0f4346689 100644 --- a/sys/dev/oce/oce_if.c +++ b/sys/dev/oce/oce_if.c @@ -620,6 +620,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data) break; case SIOCGPRIVATE_0: + rc = priv_check(curthread, PRIV_DRIVER); + if (rc != 0) + break; rc = oce_handle_passthrough(ifp, data); break; default: diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h index d1fd35bd35f9..033d48f7ad90 100644 --- a/sys/dev/oce/oce_if.h +++ b/sys/dev/oce/oce_if.h @@ -48,6 +48,7 @@ #include <sys/kernel.h> #include <sys/bus.h> #include <sys/mbuf.h> +#include <sys/priv.h> #include <sys/rman.h> #include <sys/socket.h> #include <sys/sockio.h> |
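Review bot: In the SIOCGPRIVATE_0 case of oce_ioctl(), the privilege check sits in the dispatcher rather than in oce_handle_passthrough() itself, so it guards only this one call site. If the passthrough handler has or later gains another caller, that path would reach the firmware without a check; consider moving the priv_check(curthread, PRIV_DRIVER) call to the top of oce_handle_passthrough(), or at least add a short comment above the case stating why privilege is required here. The early break on rc != 0 does hand priv_check's error back through rc, which is the right behaviour.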
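Review bot: In the oce_if.h hunk, <sys/priv.h> goes into the driver-wide header although the only use of priv_check() visible in this patch is in oce_if.c. It follows the header's existing sorted list of system includes, so it is acceptable as is; including it directly in oce_if.c would keep the dependency next to its single user.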