diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-12-07 01:02:29 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-12-07 01:02:29 +0000 |
| commit | 1868e7415eae8e2c89cd8846a807b543e7cb2220 (patch) | |
| tree | e8700ed7ab7ea103a3d98bf7048ed453e5ba25c7 /sys/kern | |
| parent | 0958e9fc8102842b458ddf4e73e184edd65ff0ed (diff) | |
If the called of ypconnect(2) is root, the socket should acquire a
reserved port to received secure-maps from the ypserver.
issue found by niklas, using a simpler diff i proposed
ok miod
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/uipc_syscalls.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 4e5dd64402f..395f0a20c26 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_syscalls.c,v 1.206 2022/12/05 23:18:37 deraadt Exp $ */ +/* $OpenBSD: uipc_syscalls.c,v 1.207 2022/12/07 01:02:28 deraadt Exp $ */ /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */ /* @@ -60,6 +60,9 @@ #include <sys/domain.h> #include <netinet/in.h> +#include <netinet/ip.h> +#include <net/route.h> +#include <netinet/in_pcb.h> #include <net/rtable.h> int copyaddrout(struct proc *, struct mbuf *, struct sockaddr *, socklen_t, @@ -1648,6 +1651,11 @@ out: ktrsockaddr(p, mtod(nam, caddr_t), sizeof(struct sockaddr_in)); #endif solock(so); + + /* Secure YP maps require reserved ports */ + if (suser(p) == 0) + sotoinpcb(so)->inp_flags |= INP_LOWPORT; + error = soconnect(so, nam); while ((so->so_state & SS_ISCONNECTING) && so->so_error == 0) { error = sosleep_nsec(so, &so->so_timeo, PSOCK | PCATCH, |