authorru <ru@FreeBSD.org>2000-11-07 09:20:32 +0000
committerru <ru@FreeBSD.org>2000-11-07 09:20:32 +0000
commit989e1579f6128a2a20383165d0435dbec1ac3fe4 (patch)
tree2345f26f88464f09752ce4fc05505d2cc9cfa1b8 /sys/netinet/ip_fw.c
parent7dea90b2eff0caafd37b939d317cfd5aefbfd68e (diff)
Fixed the security breach I introduced in rev 1.145.
Disallow getsockopt(IP_FW_ADD) if securelevel >= 3. PR: 22600
Diffstat (limited to 'sys/netinet/ip_fw.c')
-rw-r--r--sys/netinet/ip_fw.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index b0ce1c5..fbbaa9e 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -1817,11 +1817,11 @@ ip_fw_ctl(struct sockopt *sopt)
struct ip_fw frwl, *bp , *buf;
/*
- * Disallow sets in really-really secure mode, but still allow
+ * Disallow modifications in really-really secure mode, but still allow
* the logging counters to be reset.
*/
- if (sopt->sopt_dir == SOPT_SET && securelevel >= 3 &&
- sopt->sopt_name != IP_FW_RESETLOG)
+ if (securelevel >= 3 && (sopt->sopt_name == IP_FW_ADD ||
+ (sopt->sopt_dir == SOPT_SET && sopt->sopt_name != IP_FW_RESETLOG)))
return (EPERM);
error = 0;
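Review bot: The `securelevel >= 3` guard still recognises a modifying request by its direction plus one option denied by name, so any other ruleset-changing option that is delivered through getsockopt() would pass it exactly as IP_FW_ADD did. The option switch of ip_fw_ctl lies outside this hunk, so whether such an option exists cannot be confirmed from here and should be checked. An allow-list would fail closed instead, for example `if (securelevel >= 3 && sopt->sopt_name != IP_FW_RESETLOG && !(sopt->sopt_dir == SOPT_GET && sopt->sopt_name == IP_FW_GET))`, assuming IP_FW_GET is the only read-only request handled here. Whichever form is kept, the comment should record why IP_FW_ADD is singled out, e.g. `IP_FW_ADD is issued via getsockopt(), so the SOPT_SET test alone does not catch it.`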