Date: Fri, 17 Jan 2014 01:15:35 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r260798 - user/ae/inet6/sys/kern Message-ID: <201401170115.s0H1FZGY099180@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Fri Jan 17 01:15:34 2014 New Revision: 260798 URL: http://svnweb.freebsd.org/changeset/base/260798 Log: Accept configuration requests from old binaries with JAIL_API_VERSION == 2. Discussed with: bz Modified: user/ae/inet6/sys/kern/kern_jail.c Modified: user/ae/inet6/sys/kern/kern_jail.c ============================================================================== --- user/ae/inet6/sys/kern/kern_jail.c Thu Jan 16 22:28:33 2014 (r260797) +++ user/ae/inet6/sys/kern/kern_jail.c Fri Jan 17 01:15:34 2014 (r260798) @@ -139,6 +139,7 @@ static int _prison_check_ip4(const struc static int prison_restrict_ip4(struct prison *pr, struct in_addr *newip4); #endif #ifdef INET6 +static int copyin_inet6(struct jail *j, void *kaddr); static int _prison_check_ip6(struct prison *, const struct sockaddr_in6 *); static int prison_restrict_ip6(struct prison *, struct sockaddr_in6 *); #define SA6_ARE_ADDR_EQUAL(a, b) \ @@ -415,13 +416,6 @@ kern_jail(struct thread *td, struct jail return (EINVAL); #endif #ifdef INET6 - /* - * We don't support the old way, when the list of IPv6 addresses - * is specified via struct in6_addr. - * XXX: in some case we can (i.e. until LLA isn't used). - */ - if (j->version < 3) - return (EINVAL); if (j->ip6s > jail_max_af_ips) return (EINVAL); tmplen += j->ip6s * sizeof(struct sockaddr_in6); @@ -500,7 +494,7 @@ kern_jail(struct thread *td, struct jail opt.uio_iovcnt++; optiov[opt.uio_iovcnt].iov_base = u_ip6; optiov[opt.uio_iovcnt].iov_len = j->ip6s * sizeof(struct sockaddr_in6); - error = copyin(j->ip6, u_ip6, optiov[opt.uio_iovcnt].iov_len); + error = copyin_inet6(j, u_ip6); if (error) { free(u_path, M_TEMP); return (error); @@ -3015,6 +3009,39 @@ prison_check_ip4(const struct ucred *cre #ifdef INET6 static int +copyin_inet6(struct jail *j, void *kaddr) +{ + struct sockaddr_in6 *ip6; + struct in6_addr *in6; + size_t len; + int error, i; + char *buf; + + if (j->version == 3) + return (copyin(j->ip6, kaddr, + j->ip6s * sizeof(struct sockaddr_in6))); + if (j->version != 2) + return (EINVAL); + len = j->ip6s * sizeof(struct in6_addr); + buf = malloc(len, M_TEMP, M_WAITOK); + error = copyin(j->ip6, buf, len); + if (error != 0) { + free(buf, M_TEMP); + return (error); + } + bzero(kaddr, j->ip6s * sizeof(struct sockaddr_in6)); + ip6 = (struct sockaddr_in6 *)kaddr; + in6 = (struct in6_addr *)buf; + for (i = 0; i < j->ip6s; i++) { + ip6[i].sin6_family = AF_INET6; + ip6[i].sin6_len = sizeof(*ip6); + ip6[i].sin6_addr = in6[i]; + } + free(buf, M_TEMP); + return (0); +} + +static int prison_restrict_ip6(struct prison *pr, struct sockaddr_in6 *newip6) { int ii, ij, used;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401170115.s0H1FZGY099180>