From c76ddeeb1c32e72a73f5f9ba89dd39dee596a5ac Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Mon, 23 Dec 2019 23:43:50 +0000
Subject: oce: Disallow the passthrough ioctl for unprivileged users.

A missing check meant that unprivileged users could send passthrough commands to the device firmware.
Reported by: Ilja Van Sprundel
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
---
 sys/dev/oce/oce_if.c | 3 +++
 sys/dev/oce/oce_if.h | 1 +
 2 files changed, 4 insertions(+)
(limited to 'sys/dev')
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index a826b0528b2e..edd0f4346689 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -620,6 +620,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 break;
 case SIOCGPRIVATE_0:
+ rc = priv_check(curthread, PRIV_DRIVER);
+ if (rc != 0)
+ break;
 rc = oce_handle_passthrough(ifp, data);
 break;
 default:
diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h
index d1fd35bd35f9..033d48f7ad90 100644
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@@ -48,6 +48,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
-- 
cgit v1.2.3
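Review bot: The new `priv_check(curthread, PRIV_DRIVER)` guard in the `SIOCGPRIVATE_0` case is enforced only at the dispatch site, so the restriction holds only while `oce_ioctl` remains the sole path into `oce_handle_passthrough`; that function's body is outside the hunk, so this could not be confirmed here. Consider performing the check at the top of `oce_handle_passthrough` itself, or at least recording the invariant above the case with a comment such as `/* Passthrough forwards caller-supplied commands to the firmware: PRIV_DRIVER required. */`. The privilege check also does not replace validation of the request that `data` points to, so the handler's own length and bounds handling is worth re-reading with a privileged but mistaken caller in mind. `oce_ioctl` starts and ends outside the hunk.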