field | value | date |
---|---|---|
author | tuexen <tuexen@FreeBSD.org> | 2014-06-23 07:54:12 +0000 |
committer | tuexen <tuexen@FreeBSD.org> | 2014-06-23 07:54:12 +0000 |
commit | 41ae4ee23b1f12bd4544ec3a0771f62879b454c1 | |
tree | b87905be0f947f0096a5e7e10587e62b8849d1a0 /sys/netinet/sctputil.c | |
parent | e77b6c99346ca051d33f757061583fab17d94930 | |
MFC r267674:
Honor jails for unbound SCTP sockets when selecting source addresses,
reporting IP-addresses to the peer during the handshake, adding
addresses to the host, reporting the addresses via the sysctl
interface (used by netstat, for example) and reporting the
addresses to the application via socket options.
This issue was reported by Bernd Walter.
Diffstat (limited to 'sys/netinet/sctputil.c')
-rw-r--r-- | sys/netinet/sctputil.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index 92ee88f..53e5869 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -6693,6 +6693,10 @@ sctp_local_addr_count(struct sctp_tcb *stcb) */ continue; } + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if ((ipv4_local_scope == 0) && (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { continue; @@ -6713,6 +6717,10 @@ sctp_local_addr_count(struct sctp_tcb *stcb) if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { continue; } + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; |
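Review bot: The new IPv4 skip in sctp_local_addr_count(), `if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, &sin->sin_addr) != 0)`, carries no comment, while the skip directly above it closes a comment block. A one-line comment saying that addresses not visible to the socket's jail are not counted, and that any non-zero return from prison_check_ip4() is treated as "skip", would let a reader follow the loop without the commit message. The check also sits ahead of the cheaper `ipv4_local_scope` / `IN4_ISPRIVATE_ADDRESS` test; if the ordering is deliberate, the comment is the place to say so.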
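Review bot: The IPv6 check in the second hunk (@@ -6713) repeats the `stcb->sctp_ep->ip_inp.inp.inp_cred` chain already spelled out in the IPv4 hunk of the same function. Reading the credential once into a local (for example a `struct ucred *` declared at the top of sctp_local_addr_count()) and passing it to both prison_check_ip4() and prison_check_ip6() would shorten both conditions and make it obvious that the two address families are filtered against the same credential.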