Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/in_pcb.c3
-rw-r--r--sys/netinet/ip_output.c9
2 files changed, 9 insertions, 3 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 333e5b3f071..74247a92ac7 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.108 2009/11/13 20:54:05 claudio Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.109 2009/11/27 20:05:50 guenther Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -198,6 +198,7 @@ in_pcballoc(so, v)
inp->inp_seclevel[SL_ESP_TRANS] = ipsec_esp_trans_default_level;
inp->inp_seclevel[SL_ESP_NETWORK] = ipsec_esp_network_default_level;
inp->inp_seclevel[SL_IPCOMP] = ipsec_ipcomp_default_level;
+ inp->inp_rdomain = curproc->p_rdomain;
s = splnet();
CIRCLEQ_INSERT_HEAD(&table->inpt_queue, inp, inp_queue);
LIST_INSERT_HEAD(INPCBLHASH(table, inp->inp_lport,
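Review bot: The added `inp->inp_rdomain = curproc->p_rdomain;` assumes in_pcballoc() always runs on behalf of the process that owns the socket, and nothing in the hunk guarantees that. If a caller outside this hunk allocates a PCB from the network stack (for example when a listening socket spawns a connection), `curproc` is whatever process happened to be running, so the new PCB would likely inherit an unrelated routing domain and the separation this field exists for would not hold. Consider documenting the assumption, e.g. `/* XXX curproc is the socket owner only on the socket(2) path */`, and having passive-open paths copy the listener's `inp_rdomain` instead. in_pcballoc()'s body starts and ends outside the hunk, so its callers need checking.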
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e091d4d1518..f952ddd5010 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.199 2009/11/20 09:02:21 guenther Exp $ */
+/* $OpenBSD: ip_output.c,v 1.200 2009/11/27 20:05:50 guenther Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -1061,8 +1061,8 @@ ip_ctloutput(op, so, level, optname, mp)
struct inpcb *inp = sotoinpcb(so);
struct mbuf *m = *mp;
int optval = 0;
-#ifdef IPSEC
struct proc *p = curproc; /* XXX */
+#ifdef IPSEC
struct ipsec_ref *ipr;
u_int16_t opt16val;
#endif
@@ -1423,6 +1423,11 @@ ip_ctloutput(op, so, level, optname, mp)
break;
}
rtid = *mtod(m, u_int *);
+ if (p->p_rdomain != 0 && p->p_rdomain != rtid &&
+ (error = suser(p, 0)) != 0) {
+ error = EACCES;
+ break;
+ }
/* table must exist and be a domain */
if (!rtable_exists(rtid) || rtid != rtable_l2(rtid)) {
error = EINVAL;
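Review bot: The new privilege check at `(error = suser(p, 0)) != 0` assigns `error` inside the condition and then overwrites it with `EACCES` on the next line, so the assignment is dead and obscures that suser()'s own error code is replaced on purpose. `if (p->p_rdomain != 0 && p->p_rdomain != rtid && suser(p, 0) != 0) {` behaves the same without it. The policy also deserves a comment above the test, for instance `/* a process confined to a non-default rdomain needs privilege to move a socket elsewhere; rdomain 0 is unrestricted */`, since the exemption for domain 0 is easy to mistake for an oversight. ip_ctloutput() continues outside the hunk, so whether `m` is released on this `break` cannot be confirmed here.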