DivestOS/Patches/Linux_CVEs/CVE-2016-0806/prima/0001.patch

42 lines
1.6 KiB
Diff
Raw Normal View History

2017-11-07 18:55:10 -05:00
From 1fac73337080712109029302599945d1ac36c799 Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Thu, 17 Mar 2016 09:55:27 -0700
Subject: wlan:Check priviledge permission before processing
for SET_OEM_DATA_REQ IOCTL
Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_OEM_DATA_REQ IOCTLs, making
sure user task has right permission to process the command.
Bug: 27104184
Change-Id: I651656fe11d4235232b76c972b5460b57e608449
Signed-off-by: Yuan Lin <yualin@google.com>
---
drivers/staging/prima/CORE/HDD/src/wlan_hdd_oemdata.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_oemdata.c b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_oemdata.c
index c796abd..2bbb38f 100644
--- a/drivers/staging/prima/CORE/HDD/src/wlan_hdd_oemdata.c
+++ b/drivers/staging/prima/CORE/HDD/src/wlan_hdd_oemdata.c
@@ -203,6 +203,12 @@ int iw_set_oem_data_req(
hdd_adapter_t *pAdapter = (netdev_priv(dev));
hdd_wext_state_t *pwextBuf = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter);
+ if (!capable(CAP_NET_ADMIN)) {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("permission check failed"));
+ return -EPERM;
+ }
+
if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress)
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
--
cgit v1.1