Re: CVS commit: src/sys/dist/pf/net

To: Christos Zoulas <christos%netbsd.org@localhost>
Subject: Re: CVS commit: src/sys/dist/pf/net
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Mon, 19 Feb 2018 22:55:16 +0000

Christos Zoulas wrote:
> +	if (so == NULL)
> +		return -1;
> +	if (so->so_cred == NULL) {
> +		DPFPRINTF(PF_DEBUG_URGENT,
> +		    ("%s: so->so_cred == NULL so=%p\n", __func__, so));
> +		return -1;
> +	}
>  	pd->lookup.uid = kauth_cred_geteuid(so->so_cred);
>  	pd->lookup.gid = kauth_cred_getegid(so->so_cred);
>  #else

I think it's perfectly normal for an incoming packet to have no
cred. For instance, if that packet is about to be accepted.

pd->lookup.uid and pd->lookup.gid are set to UID_MAX and GID_MAX
at the beginning of the function. They can be probably changed only
if so_cred is set:

        if (so == NULL)                                                                                                                                  return -1;                                                                                                                       if (so->so_cred != NULL) {                                                                                                                       pd->lookup.uid = kauth_cred_geteuid(so->so_cred);                                                                                        pd->lookup.gid = kauth_cred_getegid(so->so_cred);                                                                                }         

-- 
Alex

Follow-Ups:
- Re: CVS commit: src/sys/dist/pf/net
  - From: Christos Zoulas

Prev by Date: Re: CVS commit: src/sys/dist/pf/net
Next by Date: Re: CVS commit: src/sys/arch/i386/stand
Previous by Thread: Re: CVS commit: src/sys/arch
Next by Thread: Re: CVS commit: src/sys/dist/pf/net
Indexes:

Home | Main Index | Thread Index | Old Index