https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245314

--- Comment #5 from Conrad Meyer <c...@freebsd.org> ---
It seems like that check in sendit() is bogus.  In kern_sendit(), we permit
msg_name == NULL if CAP_CONNECT is present:

    int
    kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,
        struct mbuf *control, enum uio_seg segflg)
    {
            struct file *fp;
            struct uio auio;
            struct iovec *iov;
            struct socket *so;
            cap_rights_t *rights;
    #ifdef KTRACE
            struct uio *ktruio = NULL;
    #endif
            ssize_t len;
            int i, error;

            AUDIT_ARG_FD(s);
            rights = &cap_send_rights;
            if (mp->msg_name != NULL) {
                    AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name);
                    rights = &cap_send_connect_rights;
            }
            error = getsock_cap(td, s, rights, &fp, NULL, NULL);


And sendit() is just a shim around kern_sendit().
