From owner-freebsd-bugs@FreeBSD.ORG Wed Dec 8 23:50:30 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B24EA16A559 for ; Wed, 8 Dec 2004 23:50:27 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE55F43D94 for ; Wed, 8 Dec 2004 23:50:24 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id iB8NoN8W029580 for ; Wed, 8 Dec 2004 23:50:23 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.1/8.13.1/Submit) id iB8NoNJ0029579; Wed, 8 Dec 2004 23:50:23 GMT (envelope-from gnats) Resent-Date: Wed, 8 Dec 2004 23:50:23 GMT Resent-Message-Id: <200412082350.iB8NoNJ0029579@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, dave baukus Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 891ED16A4EF for ; Wed, 8 Dec 2004 23:40:33 +0000 (GMT) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7784343D73 for ; Wed, 8 Dec 2004 23:40:16 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id iB8NeDxX093474 for ; Wed, 8 Dec 2004 23:40:13 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id iB8NeD0i093473; Wed, 8 Dec 2004 23:40:13 GMT (envelope-from nobody) Message-Id: <200412082340.iB8NeD0i093473@www.freebsd.org> Date: Wed, 8 Dec 2004 23:40:13 GMT From: dave baukus To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-2.3 Subject: kern/74876: Can not receive Hop by Hop options X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Dec 2004 23:50:31 -0000 >Number: 74876 >Category: kern >Synopsis: Can not receive Hop by Hop options >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Dec 08 23:50:23 GMT 2004 >Closed-Date: >Last-Modified: >Originator: dave baukus >Release: 4.10 >Organization: Chiaro Networks >Environment: FreeBSD kavachi 4.10-RELEASE FreeBSD 4.10-RELEASE #0: Wed Dec 8 15:43:48 CST 2004dbaukus@krakatoa.chiaro.com:/home/dbaukus/kavachi-kern/compile/CHIAROS i386 >Description: It is impossible for an application receive an IPv6 Hop By Hop option via the RFC 2293 API; a bug in the kernel prevents this. >How-To-Repeat: Write a program that sends and receives IPv6 packets using the RFC 2292 API; enable the receiving socket to extract the Hop by Hop ancillary data. The kernel will not append the Hop by Hop options to the socket() because of a bogus "privilege" check in ip6_savecontrol(); The check is bogus because it relies on curproc, this function is executed from ip6_input via ip6intr() from softclock. curproc, if not NULL, almost certainly has no relationship to the destination socket. >Fix: Remove the "privileged" check from the IN6P_HOPOPTS delivery in ip6_savecontrol(); the setsockopt(...,IPV6_HOPOPTS,...) code already checks suser() when the IN6P_HOPOPTS flag is set; therefore, only a privileged socket will be able to receive these options. ip6_savecontrol () diff: 1372c1372 < if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0 && privileged) { --- > if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { >Release-Note: >Audit-Trail: >Unformatted: