DivestOS/Patches/Linux_CVEs/CVE-2016-0806/qcacld-2.0/0027.patch

From ca7c085fb70861a55d9d3a46de012a3e0998ca61 Mon Sep 17 00:00:00 2001
From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
Date: Wed, 28 Oct 2015 21:27:11 -0700
Subject: wlan:Check priviledge permission for SET_CHANNEL_RANGE

prima to qcacld-2.0 propagation.

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_CHANNEL_RANGE IOCTL,
making sure user task has right permission to process the command.

CRs-Fixed: 930555
Git-commit: bcb1abfd803c6bb98bad35228d7c4f85b754836d
Git-repo: https://www.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima/
Bug: 25344453
Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
index 31205f3..1b8346d0 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
@@ -3336,6 +3336,13 @@ static int iw_softap_set_channel_range( struct net_device *dev,
     tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(pHostapdAdapter);
     hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pHostapdAdapter);
 
+    if (!capable(CAP_NET_ADMIN))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("permission check failed"));
+        return -EPERM;
+    }
+
     status = WLANSAP_SetChannelRange(hHal, startChannel, endChannel, band);
 
     if (VOS_STATUS_SUCCESS != status)
-- 
cgit v1.1
Fixup wireless patches 2017-11-07 18:55:10 -05:00			`From ca7c085fb70861a55d9d3a46de012a3e0998ca61 Mon Sep 17 00:00:00 2001`
			`From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>`
			`Date: Wed, 28 Oct 2015 21:27:11 -0700`
			`Subject: wlan:Check priviledge permission for SET_CHANNEL_RANGE`

			`prima to qcacld-2.0 propagation.`

			`Kernel assumes all SET IOCTL commands are assigned with even`
			`numbers. But in our WLAN driver, some SET IOCTLS are assigned with`
			`odd numbers. This leads kernel fail to check, for some SET IOCTLs,`
			`whether user has the right permission to do SET operation.`
			`Hence, in driver, before processing SET_CHANNEL_RANGE IOCTL,`
			`making sure user task has right permission to process the command.`

			`CRs-Fixed: 930555`
			`Git-commit: bcb1abfd803c6bb98bad35228d7c4f85b754836d`
			`Git-repo: https://www.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima/`
			`Bug: 25344453`
			`Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>`
			`---`
			`drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c`
			`index 31205f3..1b8346d0 100644`
			`--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c`
			`+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c`
			`@@ -3336,6 +3336,13 @@ static int iw_softap_set_channel_range( struct net_device *dev,`
			`tHalHandle hHal = WLAN_HDD_GET_HAL_CTX(pHostapdAdapter);`
			`hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pHostapdAdapter);`

			`+ if (!capable(CAP_NET_ADMIN))`
			`+ {`
			`+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,`
			`+ FL("permission check failed"));`
			`+ return -EPERM;`
			`+ }`
			`+`
			`status = WLANSAP_SetChannelRange(hHal, startChannel, endChannel, band);`

			`if (VOS_STATUS_SUCCESS != status)`
			`--`
			`cgit v1.1`