DivestOS/Patches/Linux_CVEs/CVE-2016-0806/qcacld-2.0/0026.patch

From fb3616763bd5909e86cddd19f3569a26b4f93f49 Mon Sep 17 00:00:00 2001
From: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
Date: Wed, 28 Oct 2015 21:25:21 -0700
Subject: wlan: ensure permission for WLAN_FTM_PRIV_SET_CHAR_GET_NONE

prima to qcacld-2.0 propagation.

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation. Hence,
in driver, before processing WLAN_FTM_PRIV_SET_CHAR_GET_NONE,
making sure user task has right permission to process the command.

CRs-Fixed: 930837
Git-commit: c4928591bbcd131f10f6ea337a4bd6ee3e141c2a
Git-repo: https://www.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima/
Bug: 25344453
Signed-off-by: Amarnath Hullur Subramanyam <amarnath@codeaurora.org>
---
 drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
index ba9d0ff..31205f3 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_wext.c
@@ -6193,6 +6193,13 @@ static int iw_setchar_getnone(struct net_device *dev, struct iw_request_info *in
 #endif /* WLAN_FEATURE_VOWIFI */
     struct iw_point s_priv_data;
 
+    if (!capable(CAP_NET_ADMIN))
+    {
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("permission check failed"));
+        return -EPERM;
+    }
+
     if ((WLAN_HDD_GET_CTX(pAdapter))->isLogpInProgress)
     {
         VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
-- 
cgit v1.1