DivestOS/Patches/Linux_CVEs/CVE-2016-0806/prima/0007.patch

From 4a75c965d2505ca2490a365a27309cc9dd68b2d1 Mon Sep 17 00:00:00 2001
From: Hanumantha Reddy Pothula <c_hpothu@qti.qualcomm.com>
Date: Thu, 17 Mar 2016 10:54:37 -0700
Subject: wlan:Check priviledge permission

for SET_THREE_INT_GET_NONE

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_THREE_INT_GET_NONE IOCTL,
making sure user task has right permission to process the command.

Bug: 27104184
Change-Id: I8661872786adfb5492da505ba3960e62064ddd7e
Signed-off-by: Yuan Lin <yualin@google.com>
---
 drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
index 9b41a5e..1288bd0 100644
--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
@@ -4049,6 +4049,13 @@ int iw_set_three_ints_getnone(struct net_device *dev, struct iw_request_info *in
     int sub_cmd = value[0];
     int ret = 0;
 
+    if (!capable(CAP_NET_ADMIN))
+    {
+      VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+		FL("permission check failed"));
+      return -EPERM;
+    }
+
     if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress)
     {
         VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
-- 
cgit v1.1
Fixup wireless patches 2017-11-07 18:55:10 -05:00			`From 4a75c965d2505ca2490a365a27309cc9dd68b2d1 Mon Sep 17 00:00:00 2001`
			`From: Hanumantha Reddy Pothula <c_hpothu@qti.qualcomm.com>`
			`Date: Thu, 17 Mar 2016 10:54:37 -0700`
			`Subject: wlan:Check priviledge permission`

			`for SET_THREE_INT_GET_NONE`

			`Kernel assumes all SET IOCTL commands are assigned with even`
			`numbers. But in our WLAN driver, some SET IOCTLS are assigned with`
			`odd numbers. This leads kernel fail to check, for some SET IOCTLs,`
			`whether user has the right permission to do SET operation.`
			`Hence, in driver, before processing SET_THREE_INT_GET_NONE IOCTL,`
			`making sure user task has right permission to process the command.`

			`Bug: 27104184`
			`Change-Id: I8661872786adfb5492da505ba3960e62064ddd7e`
			`Signed-off-by: Yuan Lin <yualin@google.com>`
			`---`
			`drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c`
			`index 9b41a5e..1288bd0 100644`
			`--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c`
			`+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c`
			`@@ -4049,6 +4049,13 @@ int iw_set_three_ints_getnone(struct net_device dev, struct iw_request_info in`
			`int sub_cmd = value[0];`
			`int ret = 0;`

			`+ if (!capable(CAP_NET_ADMIN))`
			`+ {`
			`+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,`
			`+ FL("permission check failed"));`
			`+ return -EPERM;`
			`+ }`
			`+`
			`if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress)`
			`{`
			`VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,`
			`--`
			`cgit v1.1`