Date: Sat, 20 Jun 2009 23:38:21 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r194561 - head/sys/netipx Message-ID: <200906202338.n5KNcLvS089685@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Sat Jun 20 23:38:21 2009 New Revision: 194561 URL: http://svn.freebsd.org/changeset/base/194561 Log: Implement socket delivery MAC checks for IPX/SPX. Obtained from: TrustedBSD Project MFC after: 3 days Modified: head/sys/netipx/ipx_usrreq.c head/sys/netipx/spx_usrreq.c Modified: head/sys/netipx/ipx_usrreq.c ============================================================================== --- head/sys/netipx/ipx_usrreq.c Sat Jun 20 20:44:27 2009 (r194560) +++ head/sys/netipx/ipx_usrreq.c Sat Jun 20 23:38:21 2009 (r194561) @@ -187,6 +187,12 @@ ipx_input(struct mbuf *m, struct ipxpcb m->m_pkthdr.len -= sizeof(struct ipx); m->m_data += sizeof(struct ipx); } +#ifdef MAC + if (mac_socket_check_deliver(ipxp->ipxp_socket, m) != 0) { + m_freem(m); + return; + } +#endif if (sbappendaddr(&ipxp->ipxp_socket->so_rcv, (struct sockaddr *)&ipx_ipx, m, NULL) == 0) m_freem(m); Modified: head/sys/netipx/spx_usrreq.c ============================================================================== --- head/sys/netipx/spx_usrreq.c Sat Jun 20 20:44:27 2009 (r194560) +++ head/sys/netipx/spx_usrreq.c Sat Jun 20 23:38:21 2009 (r194561) @@ -225,6 +225,11 @@ spx_input(struct mbuf *m, struct ipxpcb so = ipxp->ipxp_socket; KASSERT(so != NULL, ("spx_input: so == NULL")); +#ifdef MAC + if (mac_socket_check_deliver(so, m) != 0) + goto drop; +#endif + if (so->so_options & SO_DEBUG || traceallspxs) { ostate = cb->s_state; spx_savesi = *si;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906202338.n5KNcLvS089685>