svn commit: r194561 - head/sys/netipx
Robert Watson
rwatson at FreeBSD.org
Sat Jun 20 23:38:22 UTC 2009
Author: rwatson
Date: Sat Jun 20 23:38:21 2009
New Revision: 194561
URL: http://svn.freebsd.org/changeset/base/194561
Log:
Implement socket delivery MAC checks for IPX/SPX.
Obtained from: TrustedBSD Project
MFC after: 3 days
Modified:
head/sys/netipx/ipx_usrreq.c
head/sys/netipx/spx_usrreq.c
Modified: head/sys/netipx/ipx_usrreq.c
==============================================================================
--- head/sys/netipx/ipx_usrreq.c Sat Jun 20 20:44:27 2009 (r194560)
+++ head/sys/netipx/ipx_usrreq.c Sat Jun 20 23:38:21 2009 (r194561)
@@ -187,6 +187,12 @@ ipx_input(struct mbuf *m, struct ipxpcb
m->m_pkthdr.len -= sizeof(struct ipx);
m->m_data += sizeof(struct ipx);
}
+#ifdef MAC
+ if (mac_socket_check_deliver(ipxp->ipxp_socket, m) != 0) {
+ m_freem(m);
+ return;
+ }
+#endif
if (sbappendaddr(&ipxp->ipxp_socket->so_rcv,
(struct sockaddr *)&ipx_ipx, m, NULL) == 0)
m_freem(m);
Modified: head/sys/netipx/spx_usrreq.c
==============================================================================
--- head/sys/netipx/spx_usrreq.c Sat Jun 20 20:44:27 2009 (r194560)
+++ head/sys/netipx/spx_usrreq.c Sat Jun 20 23:38:21 2009 (r194561)
@@ -225,6 +225,11 @@ spx_input(struct mbuf *m, struct ipxpcb
so = ipxp->ipxp_socket;
KASSERT(so != NULL, ("spx_input: so == NULL"));
+#ifdef MAC
+ if (mac_socket_check_deliver(so, m) != 0)
+ goto drop;
+#endif
+
if (so->so_options & SO_DEBUG || traceallspxs) {
ostate = cb->s_state;
spx_savesi = *si;
More information about the svn-src-head
mailing list