DivestOS/Patches/Linux_CVEs/CVE-2016-0806/qcacld-2.0/0020.patch

From 89c3372735486a2f7f6b35298fcf246e7e177ac0 Mon Sep 17 00:00:00 2001
From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
Date: Wed, 28 Oct 2015 21:06:39 -0700
Subject: wlan:Check priviledge permission for QCSAP_IOCTL_DISASSOC_STA

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing QCSAP_IOCTL_DISASSOC_STA IOCTL,
making sure user task has right permission to process the command.

CRs-Fixed: 930946
Git-commit: be62ecde85228b91c66fb047e27d25132f56bd0d
Bug: 25344453
Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c
index 77b4124..b95a853 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -3243,6 +3243,13 @@ static iw_softap_disassoc_sta(struct net_device *dev,
     struct tagCsrDelStaParams delStaParams;
 
     ENTER();
+
+    if (!capable(CAP_NET_ADMIN)) {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                 FL("permission check failed"));
+        return -EPERM;
+    }
+
     /* iwpriv tool or framework calls this ioctl with
      * data passed in extra (less than 16 octets);
      */
-- 
cgit v1.1
Fixup wireless patches 2017-11-07 18:55:10 -05:00			`From 89c3372735486a2f7f6b35298fcf246e7e177ac0 Mon Sep 17 00:00:00 2001`
			`From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>`
			`Date: Wed, 28 Oct 2015 21:06:39 -0700`
			`Subject: wlan:Check priviledge permission for QCSAP_IOCTL_DISASSOC_STA`

			`Kernel assumes all SET IOCTL commands are assigned with even`
			`numbers. But in our WLAN driver, some SET IOCTLS are assigned with`
			`odd numbers. This leads kernel fail to check, for some SET IOCTLs,`
			`whether user has the right permission to do SET operation.`
			`Hence, in driver, before processing QCSAP_IOCTL_DISASSOC_STA IOCTL,`
			`making sure user task has right permission to process the command.`

			`CRs-Fixed: 930946`
			`Git-commit: be62ecde85228b91c66fb047e27d25132f56bd0d`
			`Bug: 25344453`
			`Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>`
			`---`
			`drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c`
			`index 77b4124..b95a853 100644`
			`--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c`
			`+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_hostapd.c`
			`@@ -3243,6 +3243,13 @@ static iw_softap_disassoc_sta(struct net_device *dev,`
			`struct tagCsrDelStaParams delStaParams;`

			`ENTER();`
			`+`
			`+ if (!capable(CAP_NET_ADMIN)) {`
			`+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,`
			`+ FL("permission check failed"));`
			`+ return -EPERM;`
			`+ }`
			`+`
			`/* iwpriv tool or framework calls this ioctl with`
			`* data passed in extra (less than 16 octets);`
			`*/`
			`--`
			`cgit v1.1`