DivestOS/Patches/Linux_CVEs/CVE-2016-0806/qcacld-2.0/0017.patch

From 2882941530cbf804e280f235f7f8d76179a423fe Mon Sep 17 00:00:00 2001
From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
Date: Wed, 28 Oct 2015 21:03:01 -0700
Subject: wlan:Check priviledge permission before processing  SET_CHAR_GET_NONE
 IOCTL

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_CHAR_GET_NONE IOCTLs, making
sure user task has right permission to process the command.

CRs-Fixed: 930935
Git-commit: 0e53a89bfe0dbb50e0dde9a6960d274386247cd9
Bug: 25344453
Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
index 0b1ee24..88d75c1 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
@@ -6200,6 +6200,12 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in
         return -EBUSY;
     }
 
+    if (!capable(CAP_NET_ADMIN)){
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("permission check failed"));
+        return -EPERM;
+    }
+
     /* helper function to get iwreq_data with compat handling. */
     if (hdd_priv_get_data(&s_priv_data, wrqu)) {
        return -EINVAL;
-- 
cgit v1.1
Fixup wireless patches 2017-11-07 18:55:10 -05:00			`From 2882941530cbf804e280f235f7f8d76179a423fe Mon Sep 17 00:00:00 2001`
			`From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>`
			`Date: Wed, 28 Oct 2015 21:03:01 -0700`
			`Subject: wlan:Check priviledge permission before processing SET_CHAR_GET_NONE`
			`IOCTL`

			`Kernel assumes all SET IOCTL commands are assigned with even`
			`numbers. But in our WLAN driver, some SET IOCTLS are assigned with`
			`odd numbers. This leads kernel fail to check, for some SET IOCTLs,`
			`whether user has the right permission to do SET operation.`
			`Hence, in driver, before processing SET_CHAR_GET_NONE IOCTLs, making`
			`sure user task has right permission to process the command.`

			`CRs-Fixed: 930935`
			`Git-commit: 0e53a89bfe0dbb50e0dde9a6960d274386247cd9`
			`Bug: 25344453`
			`Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>`
			`---`
			`drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c \| 6 ++++++`
			`1 file changed, 6 insertions(+)`

			`diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c`
			`index 0b1ee24..88d75c1 100644`
			`--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c`
			`+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c`
			`@@ -6200,6 +6200,12 @@ static int iw_setchar_getnone(struct net_device dev, struct iw_request_info in`
			`return -EBUSY;`
			`}`

			`+ if (!capable(CAP_NET_ADMIN)){`
			`+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,`
			`+ FL("permission check failed"));`
			`+ return -EPERM;`
			`+ }`
			`+`
			`/* helper function to get iwreq_data with compat handling. */`
			`if (hdd_priv_get_data(&s_priv_data, wrqu)) {`
			`return -EINVAL;`
			`--`
			`cgit v1.1`