DivestOS/Patches/Linux_CVEs/CVE-2016-0806/prima/0003.patch

43 lines
1.6 KiB
Diff
Raw Normal View History

2017-11-07 18:55:10 -05:00
From fd13b59e5a75b761f68fe34f09df1dce7a49acc2 Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Thu, 17 Mar 2016 10:11:40 -0700
Subject: wlan:Check priviledge permission before processing
for SET_PACKET_FILTER IOCTL
Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_PACKET_FILTER IOCTL, making
sure user task has right permission to process the command.
Bug: 27104184
Change-Id: I1edc65ee26c5e3e4260e0f6546434b0137493396
Signed-off-by: Yuan Lin <yualin@google.com>
---
drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
index 5e03595..6a806f4 100644
--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
@@ -5834,6 +5834,13 @@ static int iw_set_packet_filter_params(struct net_device *dev, struct iw_request
hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev);
tpPacketFilterCfg pRequest = (tpPacketFilterCfg)wrqu->data.pointer;
+ if (!capable(CAP_NET_ADMIN))
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("permission check failed"));
+ return -EPERM;
+ }
+
return wlan_hdd_set_filter(WLAN_HDD_GET_CTX(pAdapter), pRequest, pAdapter->sessionId);
}
#endif
--
cgit v1.1