Christos Zoulas wrote:
> + if (so == NULL)
> + return -1;
> + if (so->so_cred == NULL) {
> + DPFPRINTF(PF_DEBUG_URGENT,
> + ("%s: so->so_cred == NULL so=%p\n", __func__, so));
> + return -1;
> + }
> pd->lookup.uid = kauth_cred_geteuid(so->so_cred);
> pd->lookup.gid = kauth_cred_getegid(so->so_cred);
> #else
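Review bot: in the so->so_cred == NULL branch, the added return -1 makes a socket without credentials fail the lookup in exactly the same way as so == NULL, so the caller cannot tell the two cases apart. If a socket can legitimately have no cred at this point, consider skipping the two kauth_cred_get*() assignments and continuing rather than returning. The DPFPRINTF at PF_DEBUG_URGENT also logs on every call that reaches this branch, so a lower debug level may be more appropriate. A short comment stating what -1 means to the caller would help either way.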
I think it's perfectly normal for an incoming packet to have no
cred. For instance, if that packet is about to be accepted.
pd->lookup.uid and pd->lookup.gid are set to UID_MAX and GID_MAX
at the beginning of the function. They can probably be changed only
if so_cred is set:
	if (so == NULL)
		return -1;
	if (so->so_cred != NULL) {
		pd->lookup.uid = kauth_cred_geteuid(so->so_cred);
		pd->lookup.gid = kauth_cred_getegid(so->so_cred);
	}
--
Alex