Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch')
-rw-r--r--sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch89
1 files changed, 0 insertions, 89 deletions
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch
deleted file mode 100644
index 9aef1503f770..000000000000
--- a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5691.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-Index: sys/net/if.c
-===================================================================
---- sys/net/if.c (revision 254941)
-+++ sys/net/if.c (working copy)
-@@ -2553,11 +2553,23 @@
- CURVNET_RESTORE();
- return (EOPNOTSUPP);
- }
-+
-+ /*
-+ * Pass the request on to the socket control method, and if the
-+ * latter returns EOPNOTSUPP, directly to the interface.
-+ *
-+ * Make an exception for the legacy SIOCSIF* requests. Drivers
-+ * trust SIOCSIFADDR et al to come from an already privileged
-+ * layer, and do not perform any credentials checks or input
-+ * validation.
-+ */
- #ifndef COMPAT_43
- error = ((*so->so_proto->pr_usrreqs->pru_control)(so, cmd,
- data,
- ifp, td));
-- if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL)
-+ if (error == EOPNOTSUPP && ifp != NULL && ifp->if_ioctl != NULL &&
-+ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR &&
-+ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK)
- error = (*ifp->if_ioctl)(ifp, cmd, data);
- #else
- {
-@@ -2601,7 +2613,9 @@
- data,
- ifp, td));
- if (error == EOPNOTSUPP && ifp != NULL &&
-- ifp->if_ioctl != NULL)
-+ ifp->if_ioctl != NULL &&
-+ cmd != SIOCSIFADDR && cmd != SIOCSIFBRDADDR &&
-+ cmd != SIOCSIFDSTADDR && cmd != SIOCSIFNETMASK)
- error = (*ifp->if_ioctl)(ifp, cmd, data);
- switch (ocmd) {
-
-Index: sys/netinet6/in6.c
-===================================================================
---- sys/netinet6/in6.c (revision 254941)
-+++ sys/netinet6/in6.c (working copy)
-@@ -431,6 +431,18 @@
- case SIOCGIFSTAT_ICMP6:
- sa6 = &ifr->ifr_addr;
- break;
-+ case SIOCSIFADDR:
-+ case SIOCSIFBRDADDR:
-+ case SIOCSIFDSTADDR:
-+ case SIOCSIFNETMASK:
-+ /*
-+ * Although we should pass any non-INET6 ioctl requests
-+ * down to driver, we filter some legacy INET requests.
-+ * Drivers trust SIOCSIFADDR et al to come from an already
-+ * privileged layer, and do not perform any credentials
-+ * checks or input validation.
-+ */
-+ return (EINVAL);
- default:
- sa6 = NULL;
- break;
-Index: sys/netnatm/natm.c
-===================================================================
---- sys/netnatm/natm.c (revision 254941)
-+++ sys/netnatm/natm.c (working copy)
-@@ -339,6 +339,21 @@
- npcb = (struct natmpcb *)so->so_pcb;
- KASSERT(npcb != NULL, ("natm_usr_control: npcb == NULL"));
-
-+ switch (cmd) {
-+ case SIOCSIFADDR:
-+ case SIOCSIFBRDADDR:
-+ case SIOCSIFDSTADDR:
-+ case SIOCSIFNETMASK:
-+ /*
-+ * Although we should pass any non-ATM ioctl requests
-+ * down to driver, we filter some legacy INET requests.
-+ * Drivers trust SIOCSIFADDR et al to come from an already
-+ * privileged layer, and do not perform any credentials
-+ * checks or input validation.
-+ */
-+ return (EINVAL);
-+ }
-+
- if (ifp == NULL || ifp->if_ioctl == NULL)
- return (EOPNOTSUPP);
- return ((*ifp->if_ioctl)(ifp, cmd, arg));