From 03a5d3e78cda9e430d4b921475056a6f17a69c5a Mon Sep 17 00:00:00 2001
From: Gordon Tetlow <gordon@FreeBSD.org>
Date: Thu, 19 Mar 2020 16:48:29 +0000
Subject: [PATCH] Fix insufficient oce(4) ioctl(2) privilege checking.

Approved by:	so
Security:	FreeBSD-SA-20:05.if_oce_ioctl
Security:	CVE-2019-15876
---
 sys/dev/oce/oce_if.c | 3 +++
 sys/dev/oce/oce_if.h | 1 +
 2 files changed, 4 insertions(+)

diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index 14ca24086bb..b5a146f8d9c 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -621,6 +621,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 		break;
 
 	case SIOCGPRIVATE_0:
+		rc = priv_check(curthread, PRIV_DRIVER);
+		if (rc != 0)
+			break;
 		rc = oce_handle_passthrough(ifp, data);
 		break;
 	default:
diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h
index 5cf004b2dea..215be567f7c 100644
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@@ -48,6 +48,7 @@
 #include <sys/kernel.h>
 #include <sys/bus.h>
 #include <sys/mbuf.h>
+#include <sys/priv.h>
 #include <sys/rman.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
-- 
2.45.0