diff options
author | pjd <pjd@FreeBSD.org> | 2006-06-27 11:35:53 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2006-06-27 11:35:53 +0000 |
commit | 7f09680f0c87e3fa5b79fafb2016eb337dd35779 (patch) | |
tree | a0df08bb1fe778e4df12a8e3d98c6ee7b968e52c | |
parent | 97382ba992b2246952e73a36460bcdfbb32f1c02 (diff) | |
download | FreeBSD-src-7f09680f0c87e3fa5b79fafb2016eb337dd35779.zip FreeBSD-src-7f09680f0c87e3fa5b79fafb2016eb337dd35779.tar.gz |
- Use suser_cred(9) instead of directly checking cr_uid.
- Change the order of conditions to first verify that we actually need
to check for privileges and then eventually check them.
Reviewed by: rwatson
-rw-r--r-- | sys/netinet/in_pcb.c | 4 | ||||
-rw-r--r-- | sys/netinet6/in6_pcb.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 83b9407..317be67 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -331,8 +331,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, return (EACCES); if (jailed(cred)) prison = 1; - if (so->so_cred->cr_uid != 0 && - !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { + if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) && + suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) { t = in_pcblookup_local(inp->inp_pcbinfo, sin->sin_addr, lport, prison ? 0 : INPLOOKUP_WILDCARD); diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index e83d043..37809eb 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -192,8 +192,8 @@ in6_pcbbind(inp, nam, cred) ntohs(lport) >= ipport_reservedlow && suser_cred(cred, SUSER_ALLOWJAIL)) return (EACCES); - if (so->so_cred->cr_uid != 0 && - !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { + if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) && + suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) { t = in6_pcblookup_local(pcbinfo, &sin6->sin6_addr, lport, INPLOOKUP_WILDCARD); |