summaryrefslogtreecommitdiffstats
path: root/sys/kern/uipc_socket.c
diff options
context:
space:
mode:
authorjamie <jamie@FreeBSD.org>2009-02-05 14:15:18 +0000
committerjamie <jamie@FreeBSD.org>2009-02-05 14:15:18 +0000
commit8f639d4b9ab34b25f907b609cbfdc7610647394f (patch)
tree52b30eb1b41e3912554ac0506d04abbeb25da407 /sys/kern/uipc_socket.c
parent12bbe1869f5926ca7e3457f5424afdca31a1189b (diff)
downloadFreeBSD-src-8f639d4b9ab34b25f907b609cbfdc7610647394f.zip
FreeBSD-src-8f639d4b9ab34b25f907b609cbfdc7610647394f.tar.gz
Don't allow creating a socket with a protocol family that the current
jail doesn't support. This involves a new function prison_check_af, like prison_check_ip[46] but that checks only the family. With this change, most of the errors generated by jailed sockets shouldn't ever occur, at least until jails are changeable. Approved by: bz (mentor)
Diffstat (limited to 'sys/kern/uipc_socket.c')
-rw-r--r--sys/kern/uipc_socket.c9
1 files changed, 1 insertions, 8 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index c815ac1..9d9a731 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -347,15 +347,8 @@ socreate(int dom, struct socket **aso, int type, int proto,
prp->pr_usrreqs->pru_attach == pru_attach_notsupp)
return (EPROTONOSUPPORT);
- if (jailed(cred) && jail_socket_unixiproute_only &&
- prp->pr_domain->dom_family != PF_LOCAL &&
- prp->pr_domain->dom_family != PF_INET &&
-#ifdef INET6
- prp->pr_domain->dom_family != PF_INET6 &&
-#endif
- prp->pr_domain->dom_family != PF_ROUTE) {
+ if (prison_check_af(cred, prp->pr_domain->dom_family) != 0)
return (EPROTONOSUPPORT);
- }
if (prp->pr_type != type)
return (EPROTOTYPE);
OpenPOWER on IntegriCloud