From e2baf3c8ccfede1eb895067320868d685d0e3b8a Mon Sep 17 00:00:00 2001
From: gordon
Date: Thu, 19 Mar 2020 16:48:29 +0000
Subject: [PATCH] Fix insufficient oce(4) ioctl(2) privilege checking.

Approved by: so
Security: FreeBSD-SA-20:05.if_oce_ioctl
Security: CVE-2019-15876
---
 sys/dev/oce/oce_if.c | 3 +++
 sys/dev/oce/oce_if.h | 1 +
 2 files changed, 4 insertions(+)

diff --git a/sys/dev/oce/oce_if.c b/sys/dev/oce/oce_if.c
index 3ce8f19f1f2..269801223bf 100644
--- a/sys/dev/oce/oce_if.c
+++ b/sys/dev/oce/oce_if.c
@@ -616,6 +616,9 @@ oce_ioctl(struct ifnet *ifp, u_long command, caddr_t data)
 break;
 case SIOCGPRIVATE_0:
+ rc = priv_check(curthread, PRIV_DRIVER);
+ if (rc != 0)
+ break;
 rc = oce_handle_passthrough(ifp, data);
 break;
 default:
diff --git a/sys/dev/oce/oce_if.h b/sys/dev/oce/oce_if.h
index dde5b60b88e..9e32098604f 100644
--- a/sys/dev/oce/oce_if.h
+++ b/sys/dev/oce/oce_if.h
@@ -46,6 +46,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
--
2.45.0
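Review bot: The new `priv_check(curthread, PRIV_DRIVER)` guard in the `SIOCGPRIVATE_0` case has no comment saying why this one ioctl is privileged, so a later rework of the switch could drop or reorder it unnoticed. A line above it such as `/* SIOCGPRIVATE_0 hands caller-supplied data to oce_handle_passthrough(); require PRIV_DRIVER first. */` would record the intent. The check also exists only at this call site. oce_handle_passthrough() is not visible in the hunk, so if it has or later gains another caller, that path would skip the check; performing it at the top of the helper would close that gap. oce_ioctl's body starts and ends outside the hunk.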