From 7f09680f0c87e3fa5b79fafb2016eb337dd35779 Mon Sep 17 00:00:00 2001 From: pjd Date: Tue, 27 Jun 2006 11:35:53 +0000 Subject: - Use suser_cred(9) instead of directly checking cr_uid. - Change the order of conditions to first verify that we actually need to check for privileges and then eventually check them. Reviewed by: rwatson --- sys/netinet/in_pcb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys/netinet/in_pcb.c') diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 83b9407..317be67 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -331,8 +331,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, return (EACCES); if (jailed(cred)) prison = 1; - if (so->so_cred->cr_uid != 0 && - !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { + if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) && + suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) { t = in_pcblookup_local(inp->inp_pcbinfo, sin->sin_addr, lport, prison ? 0 : INPLOOKUP_WILDCARD); -- cgit v1.1