ipc_kmsg_t reply;
kern_return_t kr;
ipc_port_t *destp;
+ ipc_port_t replyp = IPC_PORT_NULL;
mach_msg_format_0_trailer_t *trailer;
register mig_hash_t *ptr;
}
else {
if (!ipc_kobject_notify(request->ikm_header, reply->ikm_header)){
-#if MACH_IPC_TEST
+#if DEVELOPMENT || DEBUG
printf("ipc_kobject_server: bogus kernel message, id=%d\n",
request->ikm_header->msgh_id);
-#endif /* MACH_IPC_TEST */
+#endif /* DEVELOPMENT || DEBUG */
_MIG_MSGID_INVALID(request->ikm_header->msgh_id);
((mig_reply_error_t *) reply->ikm_header)->RetCode
ipc_kmsg_destroy(request);
}
+ replyp = (ipc_port_t)reply->ikm_header->msgh_remote_port;
+
if (kr == MIG_NO_REPLY) {
/*
* The server function will send a reply message
ipc_kmsg_free(reply);
return IKM_NULL;
- } else if (!IP_VALID((ipc_port_t)reply->ikm_header->msgh_remote_port)) {
+ } else if (!IP_VALID(replyp)) {
/*
* Can't queue the reply message if the destination
* (the reply port) isn't valid.
ipc_kmsg_destroy(reply);
+ return IKM_NULL;
+ } else if (replyp->ip_receiver == ipc_space_kernel) {
+ /*
+ * Don't send replies to kobject kernel ports
+ */
+#if DEVELOPMENT || DEBUG
+ printf("%s: refusing to send reply to kobject %d port (id:%d)\n",
+ __func__, ip_kotype(replyp),
+ request->ikm_header->msgh_id);
+#endif /* DEVELOPMENT || DEBUG */
+ ipc_kmsg_destroy(reply);
return IKM_NULL;
}
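Review bot: The new `replyp->ip_receiver == ipc_space_kernel` test at the `else if` reads the port's receiver field with no `ip_lock()` or `ip_active()` check visible in this hunk. If nothing earlier in ipc_kobject_server keeps the port's state stable, the comparison could run against a port that is dying or in transit, where that field may no longer hold a receiver space. Either take the port lock around the test, or extend the comment to state why the unlocked read is safe, e.g. `/* Don't send replies to kobject kernel ports; ip_receiver is read unlocked here because <invariant> */`. On release builds the refusal is silent, so a counter or trace point outside `#if DEVELOPMENT || DEBUG` would make rejected replies observable. The enclosing function starts and ends outside this hunk.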
mach_msg_header_t *request_header,
mach_msg_header_t *reply_header)
{
+ mach_msg_max_trailer_t * trailer;
ipc_port_t port = (ipc_port_t) request_header->msgh_remote_port;
((mig_reply_error_t *) reply_header)->RetCode = MIG_NO_REPLY;
+
+ trailer = (mach_msg_max_trailer_t *)
+ ((vm_offset_t)request_header + request_header->msgh_size);
+ if (0 != bcmp(&trailer->msgh_audit, &KERNEL_AUDIT_TOKEN,
+ sizeof(trailer->msgh_audit))) {
+ return FALSE;
+ }
+ if (0 != bcmp(&trailer->msgh_sender, &KERNEL_SECURITY_TOKEN,
+ sizeof(trailer->msgh_sender))) {
+ return FALSE;
+ }
+
switch (request_header->msgh_id) {
case MACH_NOTIFY_NO_SENDERS:
switch (ip_kotype(port)) {
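Review bot: The trailer pointer is computed as `(vm_offset_t)request_header + request_header->msgh_size` and immediately read as a `mach_msg_max_trailer_t`, with no check in this hunk that the message buffer holds a trailer that large. The caller's own local is declared as the smaller `mach_msg_format_0_trailer_t *`. If the guarantee is that every kmsg reserves the maximum trailer after `msgh_size`, say so next to the cast, e.g. `/* kmsgs always reserve MAX_TRAILER_SIZE past msgh_size, so msgh_sender/msgh_audit are in bounds */`, or assert it. A token mismatch returns FALSE into the caller's generic "bogus kernel message" path, so a rejected non-kernel sender cannot be told apart from an unknown `msgh_id` in logs; a distinct debug message would help triage. The body of ipc_kobject_notify continues past the end of this hunk.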