system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-24 03:37:16 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Remove gratuitous copyouts of unchanged struct mac.

Browse source 
The get operations change the data pointed to by the structure, but do
not update the contents of the struct.

Mark the struct mac arguments of mac_[gs]etsockopt_*label() and
mac_check_structmac_consistent() const to prevent this from changing
in the future.

Reviewed by:	markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D14488
This commit is contained in:
Brooks Davis 2023-11-13 21:32:15 +00:00
parent 0e80440647
commit f64a688dfd
5 changed files with 12 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/kern/uipc_socket.c
View file

@ -3442,7 +3442,7 @@ sogetopt(struct socket *so, struct sockopt *sopt)
so, &extmac);
if (error)
goto bad;
error = sooptcopyout(sopt, &extmac, sizeof extmac);
/* Don't copy out extmac, it is unchanged. */
#else
error = EOPNOTSUPP;
#endif
@ -3458,7 +3458,7 @@ sogetopt(struct socket *so, struct sockopt *sopt)
sopt->sopt_td->td_ucred, so, &extmac);
if (error)
goto bad;
error = sooptcopyout(sopt, &extmac, sizeof extmac);
/* Don't copy out extmac, it is unchanged. */
#else
error = EOPNOTSUPP;
#endif

3
sys/security/mac/mac_framework.c
View file

@ -725,9 +725,8 @@ mac_error_select(int error1, int error2)
}
int
mac_check_structmac_consistent(struct mac *mac)
mac_check_structmac_consistent(const struct mac *mac)
{
/* Require that labels have a non-zero length. */
if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN ||
mac->m_buflen <= sizeof(""))

6
sys/security/mac/mac_framework.h
View file

@ -408,11 +408,11 @@ void mac_socket_destroy(struct socket *);
int mac_socket_init(struct socket *, int);
void mac_socket_newconn(struct socket *oldso, struct socket *newso);
int mac_getsockopt_label(struct ucred *cred, struct socket *so,
struct mac *extmac);
const struct mac *extmac);
int mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
struct mac *extmac);
const struct mac *extmac);
int mac_setsockopt_label(struct ucred *cred, struct socket *so,
struct mac *extmac);
const struct mac *extmac);
void mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so);
void mac_socketpeer_set_from_socket(struct socket *oldso,

2
sys/security/mac/mac_internal.h
View file

@ -210,7 +210,7 @@ void mac_labelzone_init(void);
void mac_init_label(struct label *label);
void mac_destroy_label(struct label *label);
int mac_check_structmac_consistent(struct mac *mac);
int mac_check_structmac_consistent(const struct mac *mac);
int mac_allocate_slot(void);
/*

8
sys/security/mac/mac_socket.c
View file

@ -521,7 +521,8 @@ mac_socket_label_set(struct ucred *cred, struct socket *so,
}
int
mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
mac_setsockopt_label(struct ucred *cred, struct socket *so,
const struct mac *mac)
{
struct label *intlabel;
char *buffer;
@ -554,7 +555,8 @@ mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
}
int
mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
mac_getsockopt_label(struct ucred *cred, struct socket *so,
const struct mac *mac)
{
char *buffer, *elements;
struct label *intlabel;
@ -593,7 +595,7 @@ mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
int
mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
struct mac *mac)
const struct mac *mac)
{
char *elements, *buffer;
struct label *intlabel;