Discussion:
kauth(9) call inside splnet() in if_bridge.c
(too old to reply)
Elad Efrat
2009-05-08 14:41:18 UTC
Permalink
Hi,

Attached is a diff to move the kauth(9) call in if_bridge.c outside the
splnet() surrounded code.

IIUC, this is something we're interested in, please review. :)

Thanks,

-e.
Quentin Garnier
2009-05-08 15:04:37 UTC
Permalink
Index: if_bridge.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_bridge.c,v
retrieving revision 1.68
diff -u -p -r1.68 if_bridge.c
--- if_bridge.c 4 Apr 2009 15:53:49 -0000 1.68
+++ if_bridge.c 8 May 2009 14:38:48 -0000
@@ -445,9 +445,27 @@ bridge_ioctl(struct ifnet *ifp, u_long c
struct ifbrparam ifbrparam;
} args;
struct ifdrv *ifd = (struct ifdrv *) data;
- const struct bridge_control *bc;
+ const struct bridge_control *bc = NULL; /* XXXGCC */
int s, error = 0;
+ /* Authorize command before calling splnet(). */
+ switch (cmd) {
+ bc = &bridge_control_table[ifd->ifd_cmd];
+
+ /* We only care about BC_F_SUSER at this point. */
+ if ((bc->bc_flags & BC_F_SUSER) == 0)
We're certainly not interested in skipping the test for ifd_cmd's
validity.

I hope you've been more careful for all the commits you've done the
past couple weeks.
--
Quentin Garnier - ***@cubidou.net - ***@NetBSD.org
"See the look on my face from staying too long in one place
[...] every time the morning breaks I know I'm closer to falling"
KT Tunstall, Saving My Face, Drastic Fantastic, 2007.
Elad Efrat
2009-05-08 15:24:32 UTC
Permalink
Post by Quentin Garnier
We're certainly not interested in skipping the test for ifd_cmd's
validity.
Sorry, forgot to cut & paste another part of the code -- fixed now, thanks.

Anything else?

-e.

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...