aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2020-03-19 16:48:29 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-03-19 16:48:29 +0000
commit03a5d3e78cda9e430d4b921475056a6f17a69c5a (patch)
treeab8253d1ae1ecc5861d2a6868caee35ebd863457
parent8274d878c0e1ee57563567e2ae8becf75f9143b1 (diff)
downloadsrc-03a5d3e78cda9e430d4b921475056a6f17a69c5a.tar.gz
src-03a5d3e78cda9e430d4b921475056a6f17a69c5a.zip
Fix insufficient oce(4) ioctl(2) privilege checking.
Approved by: so Security: FreeBSD-SA-20:05.if_oce_ioctl Security: CVE-2019-15876
Notes
Notes: svn path=/releng/12.1/; revision=359139
-rw-r--r--sys/dev/oce/oce_if.c3
-rw-r--r--sys/dev/oce/oce_if.h1
2 files changed, 4 insertions, 0 deletions
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index 14ca24086bb5..b5a146f8d9cb 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -621,6 +621,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
break;
case SIOCGPRIVATE_0:
+ rc = priv_check(curthread, PRIV_DRIVER);
+ if (rc != 0)
+ break;
rc = oce_handle_passthrough(ifp, data);
break;
default:
diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h
index 5cf004b2dea5..215be567f7cb 100644
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@@ -48,6 +48,7 @@
#include <sys/kernel.h>
#include <sys/bus.h>
#include <sys/mbuf.h>
+#include <sys/priv.h>
#include <sys/rman.h>
#include <sys/socket.h>
#include <sys/sockio.h>