author | Florian Obser <florian@cvs.openbsd.org> | 2015-11-20 23:26:09 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2015-11-20 23:26:09 +0000 |
commit | b3b5bfbd60eeb66fe3c4ea3f9bbde6691f7df512 (patch) | |
tree | 12f12e922667a773f2d4bb5d1b396fafee433fa7 | |
parent | 3d9909217d438dcb7957ccecb6416b9280b2f26d (diff) |
bgpd has been naughty. It tries to play with AF_UNIX sockets without
pledging "unix".
Move control_listen up to the main process which already has
pledge("unix"). accept(2) was already allowed.
(Technically no longer necessary since listen(2) is now allowed, too,
but this moves it to the right place.)
OK claudio@, deraadt@
-rw-r--r-- | usr.sbin/bgpd/bgpd.c | 6 | ||||
-rw-r--r-- | usr.sbin/bgpd/session.c | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/usr.sbin/bgpd/bgpd.c b/usr.sbin/bgpd/bgpd.c
index bc556608f6c..f6e19cab83a 100644
--- a/usr.sbin/bgpd/bgpd.c
+++ b/usr.sbin/bgpd/bgpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.c,v 1.181 2015/11/17 17:54:01 benno Exp $ */
+/* $OpenBSD: bgpd.c,v 1.182 2015/11/20 23:26:08 florian Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -849,6 +849,8 @@ control_setup(struct bgpd_config *conf)
 fatal("strdup");
 if ((fd = control_init(0, cname)) == -1)
 fatalx("control socket setup failed");
+ if (control_listen(fd) == -1)
+ fatalx("control socket setup failed");
 restricted = 0;
 if (imsg_compose(ibuf_se, IMSG_RECONF_CTRL, 0, 0, fd, &restricted, sizeof(restricted)) == -1)
@@ -868,6 +870,8 @@ control_setup(struct bgpd_config *conf)
 fatal("strdup");
 if ((fd = control_init(1, rcname)) == -1)
 fatalx("control socket setup failed");
+ if (control_listen(fd) == -1)
+ fatalx("control socket setup failed");
 restricted = 1;
 if (imsg_compose(ibuf_se, IMSG_RECONF_CTRL, 0, 0, fd, &restricted, sizeof(restricted)) == -1)
diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c
index 56041d3943a..8c853a1a0d2 100644
--- a/usr.sbin/bgpd/session.c
+++ b/usr.sbin/bgpd/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.346 2015/11/17 09:15:21 benno Exp $ */
+/* $OpenBSD: session.c,v 1.347 2015/11/20 23:26:08 florian Exp $ */
 /*
 * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@@ -2660,11 +2660,9 @@ session_dispatch_imsg(struct imsgbuf *ibuf, int idx, u_int *listener_cnt)
 if (restricted) {
 control_shutdown(rcsock);
 rcsock = imsg.fd;
- control_listen(rcsock);
 } else {
 control_shutdown(csock);
 csock = imsg.fd;
- control_listen(csock);
 }
 break;
 case IMSG_RECONF_DONE: |
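Review bot: The two added `control_listen(fd)` failure paths in control_setup (the hunk at -849 and the one at -868) reuse the exact text of the control_init failure just above them, so a "control socket setup failed" line in the log cannot say whether creating the socket or listening on it failed; a distinct message such as `fatalx("control socket listen failed");` would settle that. The reason listen(2) is issued here rather than in the session engine is recorded only in the commit message, so a comment above the first call would keep it from drifting back, for example `/* listen here: this process holds pledge "unix"; the session engine only accept(2)s on the passed fd */`. control_setup starts and ends outside both hunks, and control_listen itself is not shown, so whether it already logs errno before returning -1 is not visible from here.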