Implement socket delivery MAC checks for IPX/SPX.

Obtained from: TrustedBSD Project MFC after: 3 days
author: rwatson <rwatson@FreeBSD.org> 2009-06-20 23:38:21 +0000
committer: rwatson <rwatson@FreeBSD.org> 2009-06-20 23:38:21 +0000
commit: da6735320825654d2417fed4a078082641fa4cdf (patch)
tree: e8d84291821757328d381d86120c5257098dd1b0
parent: e3cb9d1015e8283f4f9d116cf50f510741f8c0dd (diff)
download: FreeBSD-src-da6735320825654d2417fed4a078082641fa4cdf.zip
FreeBSD-src-da6735320825654d2417fed4a078082641fa4cdf.tar.gz
2 files changed, 11 insertions, 0 deletions
diff --git a/sys/netipx/ipx_usrreq.c b/sys/netipx/ipx_usrreq.c
index ef9c1ad..5fcfa36 100644
--- a/sys/netipx/ipx_usrreq.c
+++ b/sys/netipx/ipx_usrreq.c
@@ -187,6 +187,12 @@ ipx_input(struct mbuf *m, struct ipxpcb *ipxp)
 		m->m_pkthdr.len -= sizeof(struct ipx);
 		m->m_data += sizeof(struct ipx);
 	}
+#ifdef MAC
+	if (mac_socket_check_deliver(ipxp->ipxp_socket, m) != 0) {
+		m_freem(m);
+		return;
+	}
+#endif
 	if (sbappendaddr(&ipxp->ipxp_socket->so_rcv,
 	    (struct sockaddr *)&ipx_ipx, m, NULL) == 0)
 		m_freem(m);
diff --git a/sys/netipx/spx_usrreq.c b/sys/netipx/spx_usrreq.c
index f6b63e2..2b18288 100644
--- a/sys/netipx/spx_usrreq.c
+++ b/sys/netipx/spx_usrreq.c
@@ -225,6 +225,11 @@ spx_input(struct mbuf *m, struct ipxpcb *ipxp)
 	so = ipxp->ipxp_socket;
 	KASSERT(so != NULL, ("spx_input: so == NULL"));
 
+#ifdef MAC
+	if (mac_socket_check_deliver(so, m) != 0)
+		goto drop;
+#endif
+
 	if (so->so_options & SO_DEBUG || traceallspxs) {
 		ostate = cb->s_state;
 		spx_savesi = *si;
author	rwatson <rwatson@FreeBSD.org>	2009-06-20 23:38:21 +0000
committer	rwatson <rwatson@FreeBSD.org>	2009-06-20 23:38:21 +0000
commit	da6735320825654d2417fed4a078082641fa4cdf (patch)
tree	e8d84291821757328d381d86120c5257098dd1b0
parent	e3cb9d1015e8283f4f9d116cf50f510741f8c0dd (diff)
download	FreeBSD-src-da6735320825654d2417fed4a078082641fa4cdf.zip FreeBSD-src-da6735320825654d2417fed4a078082641fa4cdf.tar.gz