DivestOS/Patches/Linux_CVEs/CVE-2016-0806/prima/0002.patch

2017-11-07 18:55:10 -05:00
From e9dcd5aa01734b019c793220531e4ef1d82959f8 Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Thu, 17 Mar 2016 10:06:03 -0700
Subject: wlan:Check privilege permission before processing
for SET_CHAR_GET_NONE IOCTL

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.

Hence, in driver, before processing SET_CHAR_GET_NONE IOCTLs, making
sure user task has right permission to process the command.

Bug: 27104184
Change-Id: Iccf25a9d1f1a7c13d3aaf2fc4bd3aebba740dbb2
Signed-off-by: Yuan Lin <yualin@google.com>
---
drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
index 964ed65..5e03595 100644
--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
@@ -3864,6 +3864,13 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in
hdd_config_t *pConfig = pHddCtx->cfg_ini;
#endif /* WLAN_FEATURE_VOWIFI */
+ if (!capable(CAP_NET_ADMIN))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("permission check failed"));
+ return -EPERM;
+ }
+
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: Received length %d", __func__, wrqu->data.length);
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: Received data %s", __func__, (char*)wrqu->data.pointer);
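Review bot: The `capable(CAP_NET_ADMIN)` check added at the top of `iw_setchar_getnone` guards this one handler only, while the commit message says that some SET IOCTLs (plural) in this driver are assigned odd numbers and therefore skip the kernel's permission check. Each of the other odd-numbered SET handlers in `wlan_hdd_wext.c` needs the same guard as its first statement, or the commit message should say that they are handled in separate changes. The placement here is right: the check runs before the two `VOS_TRACE` calls that log `wrqu->data.length` and `wrqu->data.pointer`, so an unprivileged caller is rejected before any request data is touched. On the rejection path, logging at `VOS_TRACE_LEVEL_ERROR` for every failed check lets any unprivileged process fill the kernel log by repeating the call; a lower trace level or rate limiting would avoid that.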
--
cgit v1.1