DivestOS/Patches/Linux_CVEs/CVE-2015-0571/qcacld-2.0/0002.patch

From fe4208157c899a5de4d6769d13f6620fc32ebfa9 Mon Sep 17 00:00:00 2001
From: Hanumantha Reddy Pothula <c_hpothu@qti.qualcomm.com>
Date: Thu, 29 Oct 2015 12:13:38 +0530
Subject: wlan:Check priviledge permission for SET_CHANNEL_RANGE

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_CHANNEL_RANGE IOCTL,
making sure user task has right permission to process the command.

Change-Id: I48bcd55bee45203667bcc679db4ad96aa9e04b7c
CRs-Fixed: 930555
---
 CORE/HDD/src/wlan_hdd_hostapd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index 270f5e1..c6cce50 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -4231,6 +4231,12 @@ static int wlan_hdd_set_force_acs_ch_range(struct net_device *dev,
 	hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
 	int *value = (int *)extra;
 
+	if (!capable(CAP_NET_ADMIN)) {
+		VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+			  FL("permission check failed"));
+		return -EPERM;
+	}
+
 	if (wlan_hdd_validate_operation_channel(adapter, value[0]) !=
 					 VOS_STATUS_SUCCESS ||
 		wlan_hdd_validate_operation_channel(adapter, value[1]) !=
-- 
cgit v1.1