From owner-svn-src-head@FreeBSD.ORG  Fri Jan  9 21:57:50 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1CC811065672;
	Fri,  9 Jan 2009 21:57:50 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 0B7A08FC0A;
	Fri,  9 Jan 2009 21:57:50 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n09LvnHR070064;
	Fri, 9 Jan 2009 21:57:49 GMT (envelope-from bz@svn.freebsd.org)
Received: (from bz@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n09LvnG4070060;
	Fri, 9 Jan 2009 21:57:49 GMT (envelope-from bz@svn.freebsd.org)
Message-Id: <200901092157.n09LvnG4070060@svn.freebsd.org>
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Fri, 9 Jan 2009 21:57:49 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r186980 - in head/sys: net netinet netinet6
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2009 21:57:50 -0000

Author: bz
Date: Fri Jan  9 21:57:49 2009
New Revision: 186980
URL: http://svn.freebsd.org/changeset/base/186980

Log:
  Restrict arp, ndp and theoretically the FIB listing (if not
  read with libkvm) to the addresses of a prison, when inside a
  jail. [1]
  As the patch from the PR was pre-'new-arp', add checks to the
  llt_dump handlers as well.
  
  While touching RTM_GET in route_output(), consistently use
  curthread credentials rather than the creds from the socket
  there. [2]
  
  PR:		kern/68189
  Submitted by:	Mark Delany <sxcg2-fuwxj@qmda.emu.st> [1]
  Discussed with:	rwatson [2]
  Reviewed by:	rwatson
  MFC after:	4 weeks

Modified:
  head/sys/net/rtsock.c
  head/sys/netinet/in.c
  head/sys/netinet6/in6.c

Modified: head/sys/net/rtsock.c
==============================================================================
--- head/sys/net/rtsock.c	Fri Jan  9 21:39:44 2009	(r186979)
+++ head/sys/net/rtsock.c	Fri Jan  9 21:57:49 2009	(r186980)
@@ -611,6 +611,12 @@ route_output(struct mbuf *m, struct sock
 		case RTM_GET:
 		report:
 			RT_LOCK_ASSERT(rt);
+			if (jailed(curthread->td_ucred) &&
+			    ((rt->rt_flags & RTF_HOST) == 0 ||
+			    !prison_if(curthread->td_ucred, rt_key(rt)))) {
+				RT_UNLOCK(rt);
+				senderr(ESRCH);
+			}
 			info.rti_info[RTAX_DST] = rt_key(rt);
 			info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
 			info.rti_info[RTAX_NETMASK] = rt_mask(rt);
@@ -620,10 +626,10 @@ route_output(struct mbuf *m, struct sock
 				if (ifp) {
 					info.rti_info[RTAX_IFP] =
 					    ifp->if_addr->ifa_addr;
-					if (jailed(so->so_cred)) {
+					if (jailed(curthread->td_ucred)) {
 						error = rtm_get_jailed(
 						    &info, ifp, rt, &saun,
-						    so->so_cred);
+						    curthread->td_ucred);
 						if (error != 0) {
 							RT_UNLOCK(rt);
 							senderr(ESRCH);
@@ -1256,6 +1262,10 @@ sysctl_dumpentry(struct radix_node *rn, 
 
 	if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
 		return 0;
+	if (jailed(w->w_req->td->td_ucred) &&
+	    ((rt->rt_flags & RTF_HOST) == 0 ||
+	    !prison_if(w->w_req->td->td_ucred, rt_key(rt))))
+		return (0);
 	bzero((caddr_t)&info, sizeof(info));
 	info.rti_info[RTAX_DST] = rt_key(rt);
 	info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;

Modified: head/sys/netinet/in.c
==============================================================================
--- head/sys/netinet/in.c	Fri Jan  9 21:39:44 2009	(r186979)
+++ head/sys/netinet/in.c	Fri Jan  9 21:57:49 2009	(r186980)
@@ -1201,6 +1201,10 @@ in_lltable_dump(struct lltable *llt, str
 			/* skip deleted entries */
 			if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
 				continue;
+			/* Skip if jailed and not a valid IP of the prison. */
+			if (jailed(wr->td->td_ucred) &&
+			    !prison_if(wr->td->td_ucred, L3_ADDR(lle)))
+				continue;
 			/*
 			 * produce a msg made of:
 			 *  struct rt_msghdr;

Modified: head/sys/netinet6/in6.c
==============================================================================
--- head/sys/netinet6/in6.c	Fri Jan  9 21:39:44 2009	(r186979)
+++ head/sys/netinet6/in6.c	Fri Jan  9 21:57:49 2009	(r186980)
@@ -2240,6 +2240,10 @@ in6_lltable_dump(struct lltable *llt, st
 			/* skip deleted or invalid entries */
 			if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
 				continue;
+			/* Skip if jailed and not a valid IP of the prison. */
+			if (jailed(wr->td->td_ucred) &&
+			    !prison_if(wr->td->td_ucred, L3_ADDR(lle)))
+				continue;
 			/*
 			 * produce a msg made of:
 			 *  struct rt_msghdr;