author | Robert Watson <rwatson@FreeBSD.org> | 2001-08-03 18:21:06 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2001-08-03 18:21:06 +0000 |
commit | fd6aaf7fe1f443068ed1d8a87bb2fa87fc764e8a (patch) | |
tree | 4a548d8e68a33d117684ddfdbf19ac544b5daa92 /sys/kern/kern_jail.c | |
parent | 7d69e57088bd22ba6fe5544a3e90bf7282d6e042 (diff) | |
Anton kindly pointed out (and fixed) a bug in the Jail handling of the
bind() call on IPv4 sockets:
Currently, if one tries to bind a socket using INADDR_LOOPBACK inside a
jail, it will fail because prison_ip() does not take this possibility
into account. On the other hand, when one tries to connect(), for
example, to localhost, prison_remote_ip() will silently convert
INADDR_LOOPBACK to the jail's IP address. Therefore, it is desirable to
make bind() do this implicit conversion as well.
Apart from this, the patch also replaces 0x7f000001 in
prison_remote_ip() with a more correct INADDR_LOOPBACK.
This is a 4.4-RELEASE "during the freeze, thanks" MFC candidate.
Submitted by: Anton Berezin <tobez@FreeBSD.org>
Discussed with at some point: phk
MFC after: 3 days
Notes:
svn path=/head/; revision=81114
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index c417667a09f1..b80d2f1eb135 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -123,6 +123,13 @@ prison_ip(struct ucred *cred, int flag, u_int32_t *ip) *ip = htonl(cred->cr_prison->pr_ip); return (0); } + if (tmp == INADDR_LOOPBACK) { + if (flag) + *ip = cred->cr_prison->pr_ip; + else + *ip = htonl(cred->cr_prison->pr_ip); + return (0); + } if (cred->cr_prison->pr_ip != tmp) return (1); return (0); @@ -139,7 +146,7 @@ prison_remote_ip(struct ucred *cred, int flag, u_int32_t *ip) tmp = *ip; else tmp = ntohl(*ip); - if (tmp == 0x7f000001) { + if (tmp == INADDR_LOOPBACK) { if (flag) *ip = cred->cr_prison->pr_ip; else |
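Review bot: In the prison_ip() hunk, the new INADDR_LOOPBACK branch rewrites *ip to cred->cr_prison->pr_ip and returns 0 without any comment, so a jailed process that asks to bind to loopback is bound to the jail's own address with no indication that the address changed. A service that binds to 127.0.0.1 in order to stay local-only will end up listening on the jail IP instead, so please add a comment above the branch saying the rewrite is intentional and mirrors prison_remote_ip(), and note the behaviour in the jail documentation. The visible tail of the branch just above ends with the same htonl() assignment and return (0), so the two conditions look like they could share one block.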
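Review bot: In the prison_remote_ip() hunk, the comparison of tmp against INADDR_LOOPBACK relies on tmp being in host byte order, which the context lines establish only implicitly (tmp is taken as-is when flag is set and passed through ntohl() otherwise); a one-line comment to that effect next to the comparison would make it clear why the host-order constant is the right one. With this change the loopback rewrite here reads the same as the block added to prison_ip(), so a small shared helper would keep the two copies from drifting apart.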