HomeFreeBSD
Diffusion FreeBSD src repository a306ed50ecd5

inpcb: Restore missing validation of local addresses for jailed sockets
a306ed50ecd5
Actions

Description

inpcb: Restore missing validation of local addresses for jailed sockets

When looking up a listening socket, the SMR-protected lookup routine may
return a jailed socket with no local address. This happens when using
classic jails with more than one IP address; in a single-IP classic
jail, a bound socket's local address is always rewritten to be that of
the jail.

After commit 7b92493ab1d4, the lookup path failed to check whether the
jail corresponding to a matched wildcard socket actually owns the
address, and would return the match regardless. Restore the omitted
checks.

Fixes: 7b92493ab1d4 ("inpcb: Avoid inp_cred dereferences in SMR-protected lookup")
Reported by: peter
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D40268

Details

Provenance
markjAuthored on May 30 2023, 7:15 PM
Reviewer
bz
Differential Revision
D40268: inpcb: Properly handle rewrites of classic jail socket source addresses
Parents
rG4e78addbeff9: buf: Make the number of pbufs slightly more dynamic
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sys/
netinet/
netinet6/

rGa306ed50ecd5

View Options

sys/netinet/in_pcb.c

Loading...
View Options

sys/netinet6/in6_pcb.c

Loading...