NetBSD-Bugs archive


Re: kern/47598: Kernel crash in kauth_cred_uidmatch caused by netstat



The following reply was made to PR kern/47598; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/47598: Kernel crash in kauth_cred_uidmatch caused by netstat
Date: Wed, 27 Feb 2013 11:20:54 +0100

 
 The patch below does two things:
 
 First hunk should make the kauth code deal with a missing so_cred (which
 would only happen for new connections not yet accepted), denying their
 visibility to everyone.
 
 Second hunk initializes new sockets' credentials earlier during accept(),
 so no sockets with NULL credentials should show up in pcblists.
 
 An alternative to the second part is to move the initialization of credentials
 to newconn().
 
 Martin
 
 Content-Disposition: attachment; filename="newcon.patch"
 
 Index: secmodel_extensions.c
 ===================================================================
 RCS file: /cvsroot/src/sys/secmodel/extensions/secmodel_extensions.c,v
 retrieving revision 1.4
 diff -u -p -r1.4 secmodel_extensions.c
 --- secmodel_extensions.c      28 Jan 2013 00:51:29 -0000      1.4
 +++ secmodel_extensions.c      27 Feb 2013 10:11:07 -0000
 @@ -481,6 +481,9 @@ secmodel_extensions_network_cb(kauth_cre
        if (curtain != 0) {
                struct socket *so = (struct socket *)arg1;
  
 +              if (__predict_false(so->so_cred == NULL))
 +                      return KAUTH_RESULT_DENY;
 +
                if (!kauth_cred_uidmatch(cred, so->so_cred)) {
                        int error;
                        bool isroot = false;
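
Review bot: The new early return at `if (__predict_false(so->so_cred == NULL))` has no comment saying when so_cred can be NULL, and it sits ahead of the `isroot` handling that follows, so the deny applies to privileged callers as well. The message says that is intended ("denying their visibility to everyone"); please record it in a short comment above the check, for example that a connection not yet accepted has no credentials and is hidden from all callers, so the check is not later moved below the root test or dropped as redundant. The guard is also only inside the `curtain != 0` branch, which is fine for the `kauth_cred_uidmatch(cred, so->so_cred)` call shown here, but worth stating if other paths in this callback read so_cred.
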
 Index: uipc_syscalls.c
 ===================================================================
 RCS file: /cvsroot/src/sys/kern/uipc_syscalls.c,v
 retrieving revision 1.160
 diff -u -p -r1.160 uipc_syscalls.c
 --- uipc_syscalls.c    14 Feb 2013 21:57:59 -0000      1.160
 +++ uipc_syscalls.c    27 Feb 2013 10:14:09 -0000
 @@ -236,8 +236,8 @@ do_sys_accept(struct lwp *l, int sock, s
        fp2->f_data = so2;
        if (flags & SOCK_NONBLOCK)
                so2->so_state |= SS_NBIO;
 -      error = soaccept(so2, nam);
        so2->so_cred = kauth_cred_dup(so->so_cred);
 +      error = soaccept(so2, nam);
        sounlock(so);
        if (error) {
                /* an error occurred, free the file descriptor and mbuf */
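
Review bot: Moving `so2->so_cred = kauth_cred_dup(so->so_cred);` above `soaccept(so2, nam)` still leaves the assignment in do_sys_accept, after `fp2->f_data = so2`, so a connection that exists but has not reached accept() keeps a NULL so_cred and this hunk relies on the NULL check in secmodel_extensions_network_cb to cover it. If the goal is that no socket with NULL credentials is ever listed, the alternative named in the message (initializing in newconn()) would cover that case; if the reorder stays, add a one-line comment that the credential must be set before soaccept(), so the two lines are not swapped back later.
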
 
 

