authorGordon Tetlow <gordon@FreeBSD.org>2020-03-19 16:48:29 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2020-03-19 16:48:29 +0000
commit97281eaa7994241a71fa268ac15aca931d70e2c0 (patch)
treeb193f9ad825ba8cd1748a6e38f0df73f5c284c3a
parent986219318e60e339316c80084d791ebcb362d459 (diff)
Fix insufficient oce(4) ioctl(2) privilege checking.
Approved by: so Security: FreeBSD-SA-20:05.if_oce_ioctl Security: CVE-2019-15876
Notes
Notes: svn path=/releng/11.3/; revision=359139
-rw-r--r--sys/dev/oce/oce_if.c3
-rw-r--r--sys/dev/oce/oce_if.h1
2 files changed, 4 insertions, 0 deletions
diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index 3ce8f19f1f22..269801223bf8 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -616,6 +616,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
break;
case SIOCGPRIVATE_0:
+ rc = priv_check(curthread, PRIV_DRIVER);
+ if (rc != 0)
+ break;
rc = oce_handle_passthrough(ifp, data);
break;
default:
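Review bot: The privilege gate sits at the `SIOCGPRIVATE_0` call site in `oce_ioctl`, not inside `oce_handle_passthrough`, so the handler itself stays unguarded and any other path that reaches it (none is visible in this hunk) would skip the check. Consider moving `priv_check(curthread, PRIV_DRIVER)` to the top of `oce_handle_passthrough`. At minimum, add a comment above the check so it is not dropped in a later refactor, for example `/* Passthrough acts on caller-supplied ioctl data; require PRIV_DRIVER. */`. The `switch` in `oce_ioctl` starts and ends outside the hunk, so the remaining driver-specific cases should be checked for the same missing gate.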
diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h
index dde5b60b88e3..9e32098604f9 100644
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@@ -46,6 +46,7 @@
#include <sys/kernel.h>
#include <sys/bus.h>
#include <sys/mbuf.h>
+#include <sys/priv.h>
#include <sys/rman.h>
#include <sys/socket.h>
#include <sys/sockio.h>