diff options
| author | benno <> | 2015-11-12 20:33:52 +0000 |
|---|---|---|
| committer | benno <> | 2015-11-12 20:33:52 +0000 |
| commit | 4998141acb59d8c785142a7461b96cd15df02eaa (patch) | |
| tree | 42b0bdfd1a7e3ae56c84b1f9e87a354d4e5457d4 /src | |
| parent | d00540272e14502c8e94cc6ee9ddcc7cd9323d18 (diff) | |
| download | openbsd-4998141acb59d8c785142a7461b96cd15df02eaa.tar.gz openbsd-4998141acb59d8c785142a7461b96cd15df02eaa.tar.bz2 openbsd-4998141acb59d8c785142a7461b96cd15df02eaa.zip | |
with -V argument, dont set rtable on the socket, instead set if for the whole
process, before pledge(). This way the rtable can be pledged too.
the discussion about removing -V is postponed.
diff from beck@, i wrote the same diff without seeing his, and various
people at u2k15 agreed this is the right thing to do.
ok phessler@
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/nc/netcat.c | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index 9e2b7e9eb7..8860bac824 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: netcat.c,v 1.141 2015/11/01 01:05:31 deraadt Exp $ */ | 1 | /* $OpenBSD: netcat.c,v 1.142 2015/11/12 20:33:52 benno Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> | 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> |
| 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. | 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. |
| @@ -311,13 +311,10 @@ main(int argc, char *argv[]) | |||
| 311 | argv += optind; | 311 | argv += optind; |
| 312 | 312 | ||
| 313 | if (rtableid >= 0) { | 313 | if (rtableid >= 0) { |
| 314 | /* | 314 | if (setrtable(rtableid) == -1) |
| 315 | * XXX No pledge if doing rtable manipulation! | 315 | err(1, "setrtable"); |
| 316 | * XXX the routing table stuff is dangerous and can't be pledged. | ||
| 317 | * XXX rtable should really have a better interface than sockopt | ||
| 318 | */ | ||
| 319 | } | 316 | } |
| 320 | else if (family == AF_UNIX) { | 317 | if (family == AF_UNIX) { |
| 321 | if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) | 318 | if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) |
| 322 | err(1, "pledge"); | 319 | err(1, "pledge"); |
| 323 | } | 320 | } |
| @@ -809,10 +806,6 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) | |||
| 809 | SOCK_NONBLOCK, res0->ai_protocol)) < 0) | 806 | SOCK_NONBLOCK, res0->ai_protocol)) < 0) |
| 810 | continue; | 807 | continue; |
| 811 | 808 | ||
| 812 | if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE, | ||
| 813 | &rtableid, sizeof(rtableid)) == -1)) | ||
| 814 | err(1, "setsockopt SO_RTABLE"); | ||
| 815 | |||
| 816 | /* Bind to a local port or source address if specified. */ | 809 | /* Bind to a local port or source address if specified. */ |
| 817 | if (sflag || pflag) { | 810 | if (sflag || pflag) { |
| 818 | struct addrinfo ahints, *ares; | 811 | struct addrinfo ahints, *ares; |
| @@ -909,10 +902,6 @@ local_listen(char *host, char *port, struct addrinfo hints) | |||
| 909 | res0->ai_protocol)) < 0) | 902 | res0->ai_protocol)) < 0) |
| 910 | continue; | 903 | continue; |
| 911 | 904 | ||
| 912 | if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE, | ||
| 913 | &rtableid, sizeof(rtableid)) == -1)) | ||
| 914 | err(1, "setsockopt SO_RTABLE"); | ||
| 915 | |||
| 916 | ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); | 905 | ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); |
| 917 | if (ret == -1) | 906 | if (ret == -1) |
| 918 | err(1, NULL); | 907 | err(1, NULL); |