svn commit: r357233 - head/sys/net
Gleb Smirnoff
glebius at freebsd.org
Thu Jan 30 16:35:00 UTC 2020
On Tue, Jan 28, 2020 at 10:44:25PM +0000, Kristof Provost wrote:
K> Author: kp
K> Date: Tue Jan 28 22:44:24 2020
K> New Revision: 357233
K> URL: https://svnweb.freebsd.org/changeset/base/357233
K>
K> Log:
K> epair: Do not abuse params to register the second interface
K>
K> if_epair used the 'params' argument to pass a pointer to the b interface
K> through if_clone_create().
K> This pointer can be controlled by userspace, which means it could be abused to
K> trigger a panic. While this requires PRIV_NET_IFCREATE
K> privileges those are assigned to vnet jails, which means that vnet jails
K> could panic the system.
K>
K> Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
...
K> Modified: head/sys/net/if_clone.h
K> ==============================================================================
K> --- head/sys/net/if_clone.h Tue Jan 28 21:46:59 2020 (r357232)
K> +++ head/sys/net/if_clone.h Tue Jan 28 22:44:24 2020 (r357233)
K> @@ -79,7 +79,8 @@ int if_clone_list(struct if_clonereq *);
K> struct if_clone *if_clone_findifc(struct ifnet *);
K> void if_clone_addgroup(struct ifnet *, struct if_clone *);
K>
K> -/* The below interface used only by epair(4). */
K> +/* The below interfaces are used only by epair(4). */
K> +void if_clone_addif(struct if_clone *, struct ifnet *);
K> int if_clone_destroyif(struct if_clone *, struct ifnet *);
IMHO, makes sense to move all these declaration into if_epair.c itself.
--
Gleb Smirnoff
More information about the svn-src-all
mailing list