upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

In pfioctl, if the permission checks failed we returned with vnet context

Browse source 
set.

As the checks don't require vnet context, this is fixed by setting
vnet after the checks.

PR:		kern/160541
Submitted by:	Nikos Vassiliadis (slightly different approach)
This commit is contained in:
Mikolaj Golub 2012-12-15 17:19:36 +00:00
parent 6f1cbda73d
commit bf1e95a21c
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/netpfil/pf/pf_ioctl.c
View file

@ -963,8 +963,6 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
{
int error = 0;
CURVNET_SET(TD_TO_VNET(td));
/* XXX keep in sync with switch() below */
if (securelevel_gt(td->td_ucred, 2))
switch (cmd) {
@ -1068,6 +1066,8 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
return (EACCES);
}
CURVNET_SET(TD_TO_VNET(td));
switch (cmd) {
case DIOCSTART:
PF_RULES_WLOCK();