DivestOS/Patches/Linux_CVEs/CVE-2015-0571/qcacld-2.0/0010.patch

From 6665a9697b404acf4d2e7d52d9c2b19512c9b239 Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Tue, 27 Oct 2015 23:56:37 +0530
Subject: wlan:Check priviledge permission for SET_POWER_PARAMS IOCTL

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_POWER_PARAMS IOCTL, making
sure user task has right permission to process the command.

Change-Id: Ie930c9723ecbd54ae0e6bf6506815301e0387932
CRs-Fixed: 930953
---
 CORE/HDD/src/wlan_hdd_wext.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 3240c90..b7448c3 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -10846,6 +10846,12 @@ static int __iw_set_power_params_priv(struct net_device *dev,
   char *ptr;
 
   ENTER();
+
+  if (!capable(CAP_NET_ADMIN)) {
+      VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                 FL("permission check failed"));
+      return -EPERM;
+  }
   /* ODD number is used for set, copy data using copy_from_user */
   ptr = mem_alloc_copy_from_user_helper(wrqu->data.pointer,
                                         wrqu->data.length);
-- 
cgit v1.1