aboutsummaryrefslogtreecommitdiffstats
path: root/sys/netinet6/in6.c
diff options
context:
space:
mode:
authorColin Percival <cperciva@FreeBSD.org>2009-06-10 10:31:11 +0000
committerColin Percival <cperciva@FreeBSD.org>2009-06-10 10:31:11 +0000
commit1baa48a657c12243a988556dba78f381710cf60f (patch)
tree56606fcfbc43ee183c8614f32bf6f19c51129fd5 /sys/netinet6/in6.c
parent54055718ff5134ddd61afc4c5f01440022040a06 (diff)
downloadsrc-1baa48a657c12243a988556dba78f381710cf60f.tar.gz
src-1baa48a657c12243a988556dba78f381710cf60f.zip
Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd
Notes
Notes: svn path=/releng/7.2/; revision=193893
Diffstat (limited to 'sys/netinet6/in6.c')
-rw-r--r--sys/netinet6/in6.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 98dafbb540c0..39a8b39f846b 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -354,6 +354,7 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
case SIOCSRTRFLUSH_IN6:
case SIOCSDEFIFACE_IN6:
case SIOCSIFINFO_FLAGS:
+ case SIOCSIFINFO_IN6:
if (td != NULL) {
error = priv_check(td, PRIV_NETINET_ND6);
if (error)
@@ -362,7 +363,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
/* FALLTHROUGH */
case OSIOCGIFINFO_IN6:
case SIOCGIFINFO_IN6:
- case SIOCSIFINFO_IN6:
case SIOCGDRLST_IN6:
case SIOCGPRLST_IN6:
case SIOCGNBRINFO_IN6: