2017-11-07 18:55:10 -05:00
|
|
|
From e474427496ccb784878e10978f25b6e85de68850 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
|
|
|
|
Date: Wed, 28 Oct 2015 21:10:14 -0700
|
2017-11-07 17:32:46 -05:00
|
|
|
Subject: wlan:Check priviledge permission for SET_POWER_PARAMS IOCTL
|
|
|
|
|
|
|
|
Kernel assumes all SET IOCTL commands are assigned with even
|
|
|
|
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
|
|
|
|
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
|
|
|
|
whether user has the right permission to do SET operation.
|
|
|
|
Hence, in driver, before processing SET_POWER_PARAMS IOCTL, making
|
|
|
|
sure user task has right permission to process the command.
|
|
|
|
|
|
|
|
CRs-Fixed: 930953
|
2017-11-07 18:55:10 -05:00
|
|
|
Git-commit: 6665a9697b404acf4d2e7d52d9c2b19512c9b239
|
|
|
|
Bug: 25344453
|
|
|
|
Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
|
2017-11-07 17:32:46 -05:00
|
|
|
---
|
2017-11-07 18:55:10 -05:00
|
|
|
drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c | 6 ++++++
|
2017-11-07 17:32:46 -05:00
|
|
|
1 file changed, 6 insertions(+)
|
|
|
|
|
2017-11-07 18:55:10 -05:00
|
|
|
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
|
|
|
|
index 1cbdf32..841ed4c 100644
|
|
|
|
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
|
|
|
|
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
|
|
|
|
@@ -9434,6 +9434,12 @@ static int iw_set_power_params_priv(struct net_device *dev,
|
2017-11-07 17:32:46 -05:00
|
|
|
char *ptr;
|
2017-11-07 18:55:10 -05:00
|
|
|
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
|
|
|
|
"Set power params Private");
|
2017-11-07 17:32:46 -05:00
|
|
|
+
|
|
|
|
+ if (!capable(CAP_NET_ADMIN)) {
|
|
|
|
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
|
|
|
|
+ FL("permission check failed"));
|
|
|
|
+ return -EPERM;
|
|
|
|
+ }
|
|
|
|
/* ODD number is used for set, copy data using copy_from_user */
|
|
|
|
ptr = mem_alloc_copy_from_user_helper(wrqu->data.pointer,
|
|
|
|
wrqu->data.length);
|
|
|
|
--
|
|
|
|
cgit v1.1
|
|
|
|
|