diff options
-rw-r--r-- | sys/netinet/in_pcb.c | 6 | ||||
-rw-r--r-- | sys/netinet6/in6_pcb.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 350d08360105..5fddff89dd0a 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -2254,8 +2254,10 @@ in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, continue; if (__predict_true(inp_smr_lock(inp, lockflags))) { - if (__predict_true(in_pcblookup_wild_match(inp, laddr, - lport) != INPLOOKUP_MATCH_NONE)) + match = in_pcblookup_wild_match(inp, laddr, lport); + if (match != INPLOOKUP_MATCH_NONE && + prison_check_ip4_locked(inp->inp_cred->cr_prison, + &laddr) == 0) return (inp); inp_unlock(inp, lockflags); } diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index da7ed5ca79e0..43f567461598 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -1021,8 +1021,10 @@ in6_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, continue; if (__predict_true(inp_smr_lock(inp, lockflags))) { - if (__predict_true(in6_pcblookup_wild_match(inp, laddr, - lport) != INPLOOKUP_MATCH_NONE)) + match = in6_pcblookup_wild_match(inp, laddr, lport); + if (match != INPLOOKUP_MATCH_NONE && + prison_check_ip6_locked(inp->inp_cred->cr_prison, + laddr) == 0) return (inp); inp_unlock(inp, lockflags); } |