From 5fc263228151d48e246fc278ba257c535b6c9e38 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Fri, 22 Aug 2014 19:21:08 +0000
Subject: [PATCH] Add some missing checks for unsupported interfaces (e.g.
 pflog(4)) when handling ioctls. While here, remove duplicated checks for a
 NULL ifp in in6_control(): this check is already done near the beginning of
 the function.

PR:		189117
Reviewed by:	hrs
MFC after:	2 weeks
---
 sys/netinet6/in6.c        | 27 +++++++++++----------------
 sys/netinet6/scope6.c     | 31 +++++++++++++++++++++++++++++--
 sys/netinet6/scope6_var.h |  3 +--
 3 files changed, 41 insertions(+), 20 deletions(-)

diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 7c31827918a7..a619318fad79 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -252,7 +252,7 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 		return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP);
 	}
 
-	switch(cmd) {
+	switch (cmd) {
 	case SIOCAADDRCTL_POLICY:
 	case SIOCDADDRCTL_POLICY:
 		if (td != NULL) {
@@ -324,14 +324,10 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 			if (error)
 				return (error);
 		}
-		return (scope6_set(ifp,
-		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
+		/* FALLTHROUGH */
 	case SIOCGSCOPE6:
-		return (scope6_get(ifp,
-		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
 	case SIOCGSCOPE6DEF:
-		return (scope6_get_default((struct scope6_id *)
-		    ifr->ifr_ifru.ifru_scope_id));
+		return (scope6_ioctl(cmd, data, ifp));
 	}
 
 	/*
@@ -442,6 +438,13 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 			if (error)
 				goto out;
 		}
+		/* FALLTHROUGH */
+	case SIOCGIFSTAT_IN6:
+	case SIOCGIFSTAT_ICMP6:
+		if (ifp->if_afdata[AF_INET6] == NULL) {
+			error = EPFNOSUPPORT;
+			goto out;
+		}
 		break;
 
 	case SIOCGIFADDR_IN6:
@@ -517,10 +520,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 		break;
 
 	case SIOCGIFSTAT_IN6:
-		if (ifp == NULL) {
-			error = EINVAL;
-			goto out;
-		}
 		COUNTER_ARRAY_COPY(((struct in6_ifextra *)
 		    ifp->if_afdata[AF_INET6])->in6_ifstat,
 		    &ifr->ifr_ifru.ifru_stat,
@@ -528,10 +527,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 		break;
 
 	case SIOCGIFSTAT_ICMP6:
-		if (ifp == NULL) {
-			error = EINVAL;
-			goto out;
-		}
 		COUNTER_ARRAY_COPY(((struct in6_ifextra *)
 		    ifp->if_afdata[AF_INET6])->icmp6_ifstat,
 		    &ifr->ifr_ifru.ifru_icmp6stat,
@@ -762,7 +757,7 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 	}
 
 	default:
-		if (ifp == NULL || ifp->if_ioctl == 0) {
+		if (ifp->if_ioctl == NULL) {
 			error = EOPNOTSUPP;
 			goto out;
 		}
diff --git a/sys/netinet6/scope6.c b/sys/netinet6/scope6.c
index 3284a7dd9fd8..d0c665597a9f 100644
--- a/sys/netinet6/scope6.c
+++ b/sys/netinet6/scope6.c
@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
+#include <sys/sockio.h>
 #include <sys/systm.h>
 #include <sys/queue.h>
 #include <sys/sysctl.h>
@@ -79,6 +80,9 @@ static VNET_DEFINE(struct scope6_id, sid_default);
 #define SID(ifp) \
 	(((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->scope6_id)
 
+static int	scope6_get(struct ifnet *, struct scope6_id *);
+static int	scope6_set(struct ifnet *, struct scope6_id *);
+
 void
 scope6_init(void)
 {
@@ -122,6 +126,30 @@ scope6_ifdetach(struct scope6_id *sid)
 }
 
 int
+scope6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp)
+{
+	struct in6_ifreq *ifr;
+
+	if (ifp->if_afdata[AF_INET6] == NULL)
+		return (EPFNOSUPPORT);
+
+	ifr = (struct in6_ifreq *)data;
+	switch (cmd) {
+	case SIOCSSCOPE6:
+		return (scope6_set(ifp,
+		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
+	case SIOCGSCOPE6:
+		return (scope6_get(ifp,
+		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
+	case SIOCGSCOPE6DEF:
+		return (scope6_get_default(
+		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
+	default:
+		return (EOPNOTSUPP);
+	}
+}
+
+static int
 scope6_set(struct ifnet *ifp, struct scope6_id *idlist)
 {
 	int i;
@@ -184,7 +212,7 @@ scope6_set(struct ifnet *ifp, struct scope6_id *idlist)
 	return (error);
 }
 
-int
+static int
 scope6_get(struct ifnet *ifp, struct scope6_id *idlist)
 {
 	struct scope6_id *sid;
@@ -203,7 +231,6 @@ scope6_get(struct ifnet *ifp, struct scope6_id *idlist)
 	return (0);
 }
 
-
 /*
  * Get a scope of the address. Node-local, link-local, site-local or global.
  */
diff --git a/sys/netinet6/scope6_var.h b/sys/netinet6/scope6_var.h
index 87de8d71d615..3398bbe6bd04 100644
--- a/sys/netinet6/scope6_var.h
+++ b/sys/netinet6/scope6_var.h
@@ -50,8 +50,7 @@ VNET_DECLARE(int, deembed_scopeid);
 void	scope6_init(void);
 struct scope6_id *scope6_ifattach(struct ifnet *);
 void	scope6_ifdetach(struct scope6_id *);
-int	scope6_set(struct ifnet *, struct scope6_id *);
-int	scope6_get(struct ifnet *, struct scope6_id *);
+int	scope6_ioctl(u_long cmd, caddr_t data, struct ifnet *);
 void	scope6_setdefault(struct ifnet *);
 int	scope6_get_default(struct scope6_id *);
 u_int32_t scope6_addr2default(struct in6_addr *);