Diffstat (limited to 'lib/libcasper/services/cap_net/cap_net.c')
-rw-r--r--lib/libcasper/services/cap_net/cap_net.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/lib/libcasper/services/cap_net/cap_net.c b/lib/libcasper/services/cap_net/cap_net.c
index a963c753494b..1d5531676268 100644
--- a/lib/libcasper/services/cap_net/cap_net.c
+++ b/lib/libcasper/services/cap_net/cap_net.c
@@ -1058,7 +1058,7 @@ net_connect(const nvlist_t *limits, nvlist_t *nvlin, nvlist_t *nvlout)
const void *saddr;
const nvlist_t *funclimit;
size_t len;
- bool conn, conndns;
+ bool conn, conndns, allowed;
conn = net_allowed_mode(limits, CAPNET_CONNECT);
conndns = net_allowed_mode(limits, CAPNET_CONNECTDNS);
@@ -1071,12 +1071,20 @@ net_connect(const nvlist_t *limits, nvlist_t *nvlin, nvlist_t *nvlout)
funclimit = dnvlist_get_nvlist(limits, LIMIT_NV_CONNECT, NULL);
saddr = nvlist_get_binary(nvlin, "saddr", &len);
- if (conn && !net_allowed_bsaddr(funclimit, saddr, len)) {
- return (ENOTCAPABLE);
- } else if (conndns && (capdnscache == NULL ||
- !net_allowed_bsaddr_impl(capdnscache, saddr, len))) {
+ allowed = false;
+
+ if (conn && net_allowed_bsaddr(funclimit, saddr, len)) {
+ allowed = true;
+ }
+ if (conndns && capdnscache != NULL &&
+ net_allowed_bsaddr_impl(capdnscache, saddr, len)) {
+ allowed = true;
+ }
+
+ if (allowed == false) {
return (ENOTCAPABLE);
}
+
socket = dup(nvlist_get_descriptor(nvlin, "s"));
if (connect(socket, saddr, len) < 0) {
serrno = errno;
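Review bot: The allow decision that starts at `allowed = false;` now treats CAPNET_CONNECT and CAPNET_CONNECTDNS as alternative grants, whereas the removed lines could still refuse an address that had passed the connect limit when CAPNET_CONNECTDNS was also set and the address was missing from the DNS cache; nothing in the code records that this widening is deliberate. A comment above the two checks would do, for example `/* Default deny: the address must match the connect limit or a cached DNS result. */`. `funclimit` is fetched with a NULL default, and how `net_allowed_bsaddr()` answers for a NULL limit is not visible in this hunk; if it treats a missing limit as "any address", a process holding both modes is no longer narrowed by `capdnscache`, so that combination deserves a regression test. As a style point, `if (allowed == false)` reads better as `if (!allowed)`. The body of net_connect starts and ends outside the hunk.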