author | trociny <trociny@FreeBSD.org> | 2012-12-15 17:19:36 +0000 |
---|---|---|
committer | trociny <trociny@FreeBSD.org> | 2012-12-15 17:19:36 +0000 |
commit | 8458a615d7b84536adea895daff3c00413734f8b | |
tree | 6ee50fd3b73fd29ff711ef3f68c84bdbde18283f /sys/netpfil/pf/pf_ioctl.c | |
parent | c3c1c81918dd701cfecb370f591746bacc907e4d | |
In pfioctl, if the permission checks failed we returned with vnet context
set.
As the checks don't require vnet context, this is fixed by setting
vnet after the checks.
PR: kern/160541
Submitted by: Nikos Vassiliadis (slightly different approach)
Diffstat (limited to 'sys/netpfil/pf/pf_ioctl.c')
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index a8b71d5..beb7ff8 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -963,8 +963,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td { int error = 0; - CURVNET_SET(TD_TO_VNET(td)); - /* XXX keep in sync with switch() below */ if (securelevel_gt(td->td_ucred, 2)) switch (cmd) { @@ -1068,6 +1066,8 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td return (EACCES); } + CURVNET_SET(TD_TO_VNET(td)); + switch (cmd) { case DIOCSTART: PF_RULES_WLOCK(); |
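Review bot: In the first hunk (@@ -963,8 +963,6), once CURVNET_SET(TD_TO_VNET(td)) is gone from the top of pfioctl, the securelevel_gt(td->td_ucred, 2) check and the switch under the "XXX keep in sync with switch() below" comment run with no vnet context, and nothing in the code records that this is intentional. Suggest a one-line comment above the checks stating that they must not depend on the current vnet, so that a check added here later does not silently run without it.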
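Review bot: In the second hunk (@@ -1068,6 +1066,8), the relocated CURVNET_SET(TD_TO_VNET(td)) before the main switch (cmd) makes correctness depend on ordering: every early return, such as the return (EACCES) shown, must stay above this line, and every exit below it must go through the matching restore. The restore side is not visible in this diff, so please confirm that no case in the main switch returns directly, and consider a short comment at the CURVNET_SET line noting that early returns belong above it.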