diff options
author | rwatson <rwatson@FreeBSD.org> | 2009-06-20 23:38:21 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-06-20 23:38:21 +0000 |
commit | da6735320825654d2417fed4a078082641fa4cdf (patch) | |
tree | e8d84291821757328d381d86120c5257098dd1b0 /sys/netipx | |
parent | e3cb9d1015e8283f4f9d116cf50f510741f8c0dd (diff) | |
download | FreeBSD-src-da6735320825654d2417fed4a078082641fa4cdf.zip FreeBSD-src-da6735320825654d2417fed4a078082641fa4cdf.tar.gz |
Implement socket delivery MAC checks for IPX/SPX.
Obtained from: TrustedBSD Project
MFC after: 3 days
Diffstat (limited to 'sys/netipx')
-rw-r--r-- | sys/netipx/ipx_usrreq.c | 6 | ||||
-rw-r--r-- | sys/netipx/spx_usrreq.c | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/sys/netipx/ipx_usrreq.c b/sys/netipx/ipx_usrreq.c index ef9c1ad..5fcfa36 100644 --- a/sys/netipx/ipx_usrreq.c +++ b/sys/netipx/ipx_usrreq.c @@ -187,6 +187,12 @@ ipx_input(struct mbuf *m, struct ipxpcb *ipxp) m->m_pkthdr.len -= sizeof(struct ipx); m->m_data += sizeof(struct ipx); } +#ifdef MAC + if (mac_socket_check_deliver(ipxp->ipxp_socket, m) != 0) { + m_freem(m); + return; + } +#endif if (sbappendaddr(&ipxp->ipxp_socket->so_rcv, (struct sockaddr *)&ipx_ipx, m, NULL) == 0) m_freem(m); diff --git a/sys/netipx/spx_usrreq.c b/sys/netipx/spx_usrreq.c index f6b63e2..2b18288 100644 --- a/sys/netipx/spx_usrreq.c +++ b/sys/netipx/spx_usrreq.c @@ -225,6 +225,11 @@ spx_input(struct mbuf *m, struct ipxpcb *ipxp) so = ipxp->ipxp_socket; KASSERT(so != NULL, ("spx_input: so == NULL")); +#ifdef MAC + if (mac_socket_check_deliver(so, m) != 0) + goto drop; +#endif + if (so->so_options & SO_DEBUG || traceallspxs) { ostate = cb->s_state; spx_savesi = *si; |