git: ddbf879d79d4 - main - jail: Correctly access IPv[46] addresses of prison_ip
Date: Fri, 13 Jan 2023 10:46:08 UTC
The branch main has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=ddbf879d79d45bb3f493853d4b8ff30bce8f2da3
commit ddbf879d79d45bb3f493853d4b8ff30bce8f2da3
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2023-01-13 09:50:01 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2023-01-13 10:45:14 +0000
jail: Correctly access IPv[46] addresses of prison_ip
* Fix wrong IPv[46] addresses inherited from parent jail
* Properly restrict the child jail's IPv[46] addresses
Reviewed by: melifaro, glebius
Approved by: kp (mentor)
Fixes: eb8dcdeac22d jail: network epoch protection for IP address lists
Differential Revision: https://reviews.freebsd.org/D37871
Differential Revision: https://reviews.freebsd.org/D37872
---
sys/kern/kern_jail.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index c715dbf25977..c8ae362c652c 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -654,7 +654,7 @@ prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af)
if (ppr->pr_addrs[af] != NULL) {
pr->pr_addrs[af] = prison_ip_alloc(af,
ppr->pr_addrs[af]->ips, M_WAITOK);
- bcopy(ppr->pr_addrs[af], pr->pr_addrs[af],
+ bcopy(ppr->pr_addrs[af] + 1, pr->pr_addrs[af] + 1,
pr->pr_addrs[af]->ips * pr_families[af].size);
}
}
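Review bot: The length on the last line of this bcopy, pr->pr_addrs[af]->ips * pr_families[af].size, reads the count from the destination, and because the copy now starts past the header on both sides that field is no longer overwritten from the parent. The call is therefore only correct if prison_ip_alloc() has already stored the count in the new object. Taking the count from ppr->pr_addrs[af]->ips, the same value passed to prison_ip_alloc() two lines up, would make the size independent of what the allocator initialises.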
@@ -814,7 +814,7 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af,
alloced = false;
if (!(pr->pr_flags & pr_families[af].ip_flag)) {
/* This has no user settings, so just copy the parent's list. */
- bcopy(ppip, new, ips * size);
+ bcopy(ppip + 1, new + 1, ips * size);
} else {
/* Remove addresses that aren't in the parent. */
int i;
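Review bot: The bare ppip + 1 and new + 1 in the copy-the-parent branch repeat the header-skip arithmetic by hand, which is the detail this commit had to correct. The case 0 branch later in prison_ip_restrict() already goes through PR_IP() and PR_IPD(); writing this copy in the same style, something like bcopy(PR_IP(ppip, 0), PR_IPD(new, 0), ips * size), would keep the offset in one place. The comment above the copy could also say that only the address array is copied, not the header.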
@@ -846,7 +846,7 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af,
i++;
break;
case 0:
- bcopy(PR_IP(pr, i), PR_IPD(new, ips), size);
+ bcopy(PR_IP(pip, i), PR_IPD(new, ips), size);
i++;
pi++;
ips++;
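Review bot: The removed line in case 0 passed pr, which the hunk header shows is a struct prison *, to PR_IP() where the address list pip was meant, and nothing rejected it. Consider giving PR_IP() and PR_IPD() a typed argument, for example static inline functions taking the address-list type, so that handing them a struct prison * is a compile error rather than a read from the wrong object.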