DivestOS/Patches/Linux_CVEs/CVE-2015-0571/qcacld-2.0/0006.patch

From 2905578424256be07e6b9d8c63bb83d40cc52a71 Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Wed, 28 Oct 2015 00:26:02 +0530
Subject: wlan:Check priviledge permission for QCSAP_IOCTL_SETWPSIE

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing QCSAP_IOCTL_SETWPSIE IOCTL,
making sure user task has right permission to process the command.

Change-Id: Ie1c945afb0f109892beda66bab25647d70cc62d7
CRs-Fixed: 930944
---
 CORE/HDD/src/wlan_hdd_hostapd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index e4e1a63..52402ff 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -5130,6 +5130,12 @@ static int __iw_softap_setwpsie(struct net_device *dev,
 
    ENTER();
 
+   if (!capable(CAP_NET_ADMIN)) {
+       VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                FL("permission check failed"));
+       return -EPERM;
+   }
+
    hdd_ctx = WLAN_HDD_GET_CTX(pHostapdAdapter);
    ret = wlan_hdd_validate_context(hdd_ctx);
    if (0 != ret)
-- 
cgit v1.1
Switch to new CVE patchset 2017-11-07 17:32:46 -05:00			`From 2905578424256be07e6b9d8c63bb83d40cc52a71 Mon Sep 17 00:00:00 2001`
			`From: Mukul Sharma <mukul@qti.qualcomm.com>`
			`Date: Wed, 28 Oct 2015 00:26:02 +0530`
			`Subject: wlan:Check priviledge permission for QCSAP_IOCTL_SETWPSIE`

			`Kernel assumes all SET IOCTL commands are assigned with even`
			`numbers. But in our WLAN driver, some SET IOCTLS are assigned with`
			`odd numbers. This leads kernel fail to check, for some SET IOCTLs,`
			`whether user has the right permission to do SET operation.`
			`Hence, in driver, before processing QCSAP_IOCTL_SETWPSIE IOCTL,`
			`making sure user task has right permission to process the command.`

			`Change-Id: Ie1c945afb0f109892beda66bab25647d70cc62d7`
			`CRs-Fixed: 930944`
			`---`
			`CORE/HDD/src/wlan_hdd_hostapd.c \| 6 ++++++`
			`1 file changed, 6 insertions(+)`

			`diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c`
			`index e4e1a63..52402ff 100644`
			`--- a/CORE/HDD/src/wlan_hdd_hostapd.c`
			`+++ b/CORE/HDD/src/wlan_hdd_hostapd.c`
			`@@ -5130,6 +5130,12 @@ static int __iw_softap_setwpsie(struct net_device *dev,`

			`ENTER();`

			`+ if (!capable(CAP_NET_ADMIN)) {`
			`+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,`
			`+ FL("permission check failed"));`
			`+ return -EPERM;`
			`+ }`
			`+`
			`hdd_ctx = WLAN_HDD_GET_CTX(pHostapdAdapter);`
			`ret = wlan_hdd_validate_context(hdd_ctx);`
			`if (0 != ret)`
			`--`
			`cgit v1.1`