Date: Mon, 02 Jan 2017 09:08:54 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 200361] net.inet.tcp.hostcache.list is jail information leak
Message-ID: <bug-200361-2472-9I96imYXlH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200361-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-200361-2472@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200361 Hiren Panchasara <hiren@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hiren@FreeBSD.org --- Comment #4 from Hiren Panchasara <hiren@FreeBSD.org> --- diff --git a/sys/netinet/tcp_hostcache.c b/sys/netinet/tcp_hostcache.c index bb2efda..8b1aab5 100644 --- a/sys/netinet/tcp_hostcache.c +++ b/sys/netinet/tcp_hostcache.c @@ -69,10 +69,12 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/lock.h> #include <sys/mutex.h> #include <sys/malloc.h> +#include <sys/pcpu.h> #include <sys/sbuf.h> #include <sys/socket.h> #include <sys/socketvar.h> @@ -625,6 +627,9 @@ sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) char ip6buf[INET6_ADDRSTRLEN]; #endif + if (jailed_without_vnet(curthread->td_cred) !=3D 0) + return (EPERM); + sbuf_new(&sb, NULL, linesize * (V_tcp_hostcache.cache_count + 1), SBUF_INCLUDENUL); This compiles if anyone wants to test before I can get to it. --=20 You are receiving this mail because: You are the assignee for the bug.=
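Review bot: in the include hunk of sys/netinet/tcp_hostcache.c, the added #include <sys/pcpu.h> comes with no stated reason. If it is there only to provide curthread for the new check in sysctl_tcp_hc_list(), say so in the commit message, or drop it if the headers already included supply curthread. The <sys/jail.h> include is the one the new jailed_without_vnet() call needs.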
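Review bot: in the sysctl_tcp_hc_list() hunk, the new check takes the credential from curthread->td_cred, while the handler already receives the request through SYSCTL_HANDLER_ARGS. Using req->td->td_cred would tie the decision to the thread that issued the sysctl and would avoid the dependency on curthread. The check also has no comment: a line above it explaining that a jail without its own vnet would otherwise read the host's shared host cache would record why EPERM is returned here and why vnet jails are let through. Placing the check before sbuf_new() is right, since the early return then has nothing to free.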