Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Jan 2020 08:34:55 -0800
From:      Gleb Smirnoff <glebius@freebsd.org>
To:        Kristof Provost <kp@freebsd.org>, Ilja Van Sprundel <ivansprundel@ioactive.com>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r357233 - head/sys/net
Message-ID:  <20200130163455.GH1268@FreeBSD.org>
In-Reply-To: <202001282244.00SMiPrb077446@repo.freebsd.org>
References:  <202001282244.00SMiPrb077446@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jan 28, 2020 at 10:44:25PM +0000, Kristof Provost wrote:
K> Author: kp
K> Date: Tue Jan 28 22:44:24 2020
K> New Revision: 357233
K> URL: https://svnweb.freebsd.org/changeset/base/357233
K> 
K> Log:
K>   epair: Do not abuse params to register the second interface
K>   
K>   if_epair used the 'params' argument to pass a pointer to the b interface
K>   through if_clone_create().
K>   This pointer can be controlled by userspace, which means it could be abused to
K>   trigger a panic. While this requires PRIV_NET_IFCREATE
K>   privileges those are assigned to vnet jails, which means that vnet jails
K>   could panic the system.
K>   
K>   Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
...
K> Modified: head/sys/net/if_clone.h
K> ==============================================================================
K> --- head/sys/net/if_clone.h	Tue Jan 28 21:46:59 2020	(r357232)
K> +++ head/sys/net/if_clone.h	Tue Jan 28 22:44:24 2020	(r357233)
K> @@ -79,7 +79,8 @@ int	if_clone_list(struct if_clonereq *);
K>  struct if_clone *if_clone_findifc(struct ifnet *);
K>  void	if_clone_addgroup(struct ifnet *, struct if_clone *);
K>  
K> -/* The below interface used only by epair(4). */
K> +/* The below interfaces are used only by epair(4). */
K> +void	if_clone_addif(struct if_clone *, struct ifnet *);
K>  int	if_clone_destroyif(struct if_clone *, struct ifnet *);

IMHO, makes sense to move all these declaration into if_epair.c itself.

-- 
Gleb Smirnoff

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200130163455.GH1268>