summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorpwernau <none@none>2006-07-24 13:05:14 -0700
committerpwernau <none@none>2006-07-24 13:05:14 -0700
commit1d76fceaaa9387aa83875cdb57678c1edcf4696d (patch)
treef53e3259351f3f38a36900880e6a3ac8b6f95378
parentb4a51ac199bca44f346001c5a5b4555894ca63b2 (diff)
downloadillumos-gate-1d76fceaaa9387aa83875cdb57678c1edcf4696d.tar.gz
6425832 IP_NEXTHOP socket option has incomplete cred check
-rw-r--r--usr/src/uts/common/inet/ip/ip.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/usr/src/uts/common/inet/ip/ip.c b/usr/src/uts/common/inet/ip/ip.c
index 64a53a1ea4..51b0b97786 100644
--- a/usr/src/uts/common/inet/ip/ip.c
+++ b/usr/src/uts/common/inet/ip/ip.c
@@ -10090,6 +10090,9 @@ ip_opt_set(queue_t *q, uint_t optset_context, int level, int name,
case IPPROTO_IP:
switch (name) {
case IP_NEXTHOP:
+ if (secpolicy_net_config(cr, B_FALSE) != 0)
+ return (EPERM);
+ /* FALLTHRU */
case IP_MULTICAST_IF:
case IP_DONTFAILOVER_IF: {
ipaddr_t addr = *i1;