diff options
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r-- | sys/netinet/raw_ip.c | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index a84db95..71eaaa0 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -273,10 +273,9 @@ rip_input(struct mbuf *m, int off) continue; if (inp->inp_faddr.s_addr != ip->ip_src.s_addr) continue; - if (jailed(inp->inp_cred) && - (htonl(prison_getip(inp->inp_cred)) != - ip->ip_dst.s_addr)) { - continue; + if (jailed(inp->inp_cred)) { + if (!prison_check_ip4(inp->inp_cred, &ip->ip_dst)) + continue; } if (last) { struct mbuf *n; @@ -304,10 +303,9 @@ rip_input(struct mbuf *m, int off) if (inp->inp_faddr.s_addr && inp->inp_faddr.s_addr != ip->ip_src.s_addr) continue; - if (jailed(inp->inp_cred) && - (htonl(prison_getip(inp->inp_cred)) != - ip->ip_dst.s_addr)) { - continue; + if (jailed(inp->inp_cred)) { + if (!prison_check_ip4(inp->inp_cred, &ip->ip_dst)) + continue; } if (last) { struct mbuf *n; @@ -369,11 +367,15 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) ip->ip_off = 0; ip->ip_p = inp->inp_ip_p; ip->ip_len = m->m_pkthdr.len; - if (jailed(inp->inp_cred)) - ip->ip_src.s_addr = - htonl(prison_getip(inp->inp_cred)); - else + if (jailed(inp->inp_cred)) { + if (prison_getip4(inp->inp_cred, &ip->ip_src)) { + INP_RUNLOCK(inp); + m_freem(m); + return (EPERM); + } + } else { ip->ip_src = inp->inp_laddr; + } ip->ip_dst.s_addr = dst; ip->ip_ttl = inp->inp_ip_ttl; } else { @@ -383,13 +385,10 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) } INP_RLOCK(inp); ip = mtod(m, struct ip *); - if (jailed(inp->inp_cred)) { - if (ip->ip_src.s_addr != - htonl(prison_getip(inp->inp_cred))) { - INP_RUNLOCK(inp); - m_freem(m); - return (EPERM); - } + if (!prison_check_ip4(inp->inp_cred, &ip->ip_src)) { + INP_RUNLOCK(inp); + m_freem(m); + return (EPERM); } /* @@ -805,13 +804,8 @@ rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td) if (nam->sa_len != sizeof(*addr)) return (EINVAL); - if (jailed(td->td_ucred)) { - if (addr->sin_addr.s_addr == INADDR_ANY) - addr->sin_addr.s_addr = - htonl(prison_getip(td->td_ucred)); - if (htonl(prison_getip(td->td_ucred)) != addr->sin_addr.s_addr) - return (EADDRNOTAVAIL); - } + if (!prison_check_ip4(td->td_ucred, &addr->sin_addr)) + return (EADDRNOTAVAIL); if (TAILQ_EMPTY(&V_ifnet) || (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) || |