upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-15 14:29:58 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Anton kindly pointed out (and fixed) a bug in the Jail handling of the

Browse source 
bind() call on IPv4 sockets:

  Currently, if one tries to bind a socket using INADDR_LOOPBACK inside a
  jail, it will fail because prison_ip() does not take this possibility
  into account.  On the other hand, when one tries to connect(), for
  example, to localhost, prison_remote_ip() will silently convert
  INADDR_LOOPBACK to the jail's IP address.  Therefore, it is desirable to
  make bind() to do this implicit conversion as well.

  Apart from this, the patch also replaces 0x7f000001 in
  prison_remote_ip() to a more correct INADDR_LOOPBACK.

This is a 4.4-RELEASE "during the freeze, thanks" MFC candidate.

Submitted by:	Anton Berezin <tobez@FreeBSD.org>
Discussed with at some point:	phk
MFC after:	3 days
This commit is contained in:
Robert Watson 2001-08-03 18:21:06 +00:00
parent 7d69e57088
commit fd6aaf7fe1
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sys/kern/kern_jail.c
View file

@ -123,6 +123,13 @@ prison_ip(struct ucred *cred, int flag, u_int32_t *ip)
*ip = htonl(cred->cr_prison->pr_ip);
return (0);
}
if (tmp == INADDR_LOOPBACK) {
if (flag)
*ip = cred->cr_prison->pr_ip;
else
*ip = htonl(cred->cr_prison->pr_ip);
return (0);
}
if (cred->cr_prison->pr_ip != tmp)
return (1);
return (0);
@ -139,7 +146,7 @@ prison_remote_ip(struct ucred *cred, int flag, u_int32_t *ip)
tmp = *ip;
else
tmp = ntohl(*ip);
if (tmp == 0x7f000001) {
if (tmp == INADDR_LOOPBACK) {
if (flag)
*ip = cred->cr_prison->pr_ip;
else