Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Protect if_byindex by pserialize

This commit is contained in:
ozaki-r 2016-06-15 06:01:21 +00:00
parent e6e96483bf
commit c7e18ccbde
4 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/compat/linux/common/linux_socket.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: linux_socket.c,v 1.127 2016/05/12 02:24:16 ozaki-r Exp $ */
/* $NetBSD: linux_socket.c,v 1.128 2016/06/15 06:01:21 ozaki-r Exp $ */
/*-
* Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc.
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.127 2016/05/12 02:24:16 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.128 2016/06/15 06:01:21 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -1092,16 +1092,21 @@ linux_getifname(struct lwp *l, register_t *retval, void *data)
struct ifnet *ifp;
struct linux_ifreq ifr;
int error;
int s;
error = copyin(data, &ifr, sizeof(ifr));
if (error)
return error;
s = pserialize_read_enter();
ifp = if_byindex(ifr.ifr_ifru.ifru_ifindex);
if (ifp == NULL)
if (ifp == NULL) {
pserialize_read_exit(s);
return ENODEV;
}
strncpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name));
pserialize_read_exit(s);
return copyout(&ifr, data, sizeof(ifr));
}

11
sys/compat/linux32/common/linux32_socket.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: linux32_socket.c,v 1.21 2016/05/12 02:24:16 ozaki-r Exp $ */
/* $NetBSD: linux32_socket.c,v 1.22 2016/06/15 06:01:21 ozaki-r Exp $ */
/*-
* Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved.
@ -33,7 +33,7 @@
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.21 2016/05/12 02:24:16 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.22 2016/06/15 06:01:21 ozaki-r Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -393,16 +393,21 @@ linux32_getifname(struct lwp *l, register_t *retval, void *data)
struct ifnet *ifp;
struct linux32_ifreq ifr;
int error;
int s;
error = copyin(data, &ifr, sizeof(ifr));
if (error)
return error;
s = pserialize_read_enter();
ifp = if_byindex(ifr.ifr_ifru.ifru_ifindex);
if (ifp == NULL)
if (ifp == NULL) {
pserialize_read_exit(s);
return ENODEV;
}
strncpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name));
pserialize_read_exit(s);
return copyout(&ifr, data, sizeof(ifr));
}

11
sys/netinet6/nd6_rtr.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: nd6_rtr.c,v 1.111 2016/06/10 13:31:44 ozaki-r Exp $ */
/* $NetBSD: nd6_rtr.c,v 1.112 2016/06/15 06:01:21 ozaki-r Exp $ */
/* $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $ */
/*
@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.111 2016/06/10 13:31:44 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.112 2016/06/15 06:01:21 ozaki-r Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -2123,8 +2123,12 @@ nd6_setdefaultiface(int ifindex)
{
ifnet_t *ifp;
int error = 0;
int s;
if ((ifp = if_byindex(ifindex)) == NULL) {
s = pserialize_read_enter();
ifp = if_byindex(ifindex);
if (ifp == NULL) {
pserialize_read_exit(s);
return EINVAL;
}
if (nd6_defifindex != ifindex) {
@ -2138,6 +2142,7 @@ nd6_setdefaultiface(int ifindex)
*/
scope6_setdefault(nd6_defifp);
}
pserialize_read_exit(s);
return (error);
}

21
sys/netinet6/scope6.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: scope6.c,v 1.13 2016/05/19 03:11:42 ozaki-r Exp $ */
/* $NetBSD: scope6.c,v 1.14 2016/06/15 06:01:21 ozaki-r Exp $ */
/* $KAME$ */
/*-
@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: scope6.c,v 1.13 2016/05/19 03:11:42 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: scope6.c,v 1.14 2016/06/15 06:01:21 ozaki-r Exp $");
#include <sys/param.h>
#include <sys/malloc.h>
@ -120,6 +120,7 @@ scope6_set(struct ifnet *ifp, const struct scope6_id *idlist)
for (i = 0; i < 16; i++) {
if (idlist->s6id_list[i] &&
idlist->s6id_list[i] != sid->s6id_list[i]) {
int s;
/*
* An interface zone ID must be the corresponding
* interface index by definition.
@ -128,6 +129,7 @@ scope6_set(struct ifnet *ifp, const struct scope6_id *idlist)
idlist->s6id_list[i] != ifp->if_index)
return (EINVAL);
s = pserialize_read_enter();
if (i == IPV6_ADDR_SCOPE_LINKLOCAL &&
!if_byindex(idlist->s6id_list[i])) {
/*
@ -136,8 +138,10 @@ scope6_set(struct ifnet *ifp, const struct scope6_id *idlist)
* IDs, but we check the consistency for
* safety in later use.
*/
pserialize_read_exit(s);
return (EINVAL);
}
pserialize_read_exit(s);
/*
* XXX: we must need lots of work in this case,
@ -295,15 +299,20 @@ sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok)
if (zoneid != 0 &&
(IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) ||
IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr))) {
int s;
/*
* At this moment, we only check interface-local and
* link-local scope IDs, and use interface indices as the
* zone IDs assuming a one-to-one mapping between interfaces
* and links.
*/
s = pserialize_read_enter();
ifp = if_byindex(zoneid);
if (ifp == NULL)
if (ifp == NULL) {
pserialize_read_exit(s);
return (ENXIO);
}
pserialize_read_exit(s);
/* XXX assignment to 16bit from 32bit variable */
sin6->sin6_addr.s6_addr16[1] = htons(zoneid & 0xffff);
@ -349,8 +358,12 @@ sa6_recoverscope(struct sockaddr_in6 *sin6)
*/
zoneid = ntohs(sin6->sin6_addr.s6_addr16[1]);
if (zoneid) {
if (!if_byindex(zoneid))
int s = pserialize_read_enter();
if (!if_byindex(zoneid)) {
pserialize_read_exit(s);
return (ENXIO);
}
pserialize_read_exit(s);
sin6->sin6_addr.s6_addr16[1] = 0;
sin6->sin6_scope_id = zoneid;
}