DivestOS/Patches/Linux_CVEs/CVE-2015-0571/qcacld-2.0/0003.patch

From 0e53a89bfe0dbb50e0dde9a6960d274386247cd9 Mon Sep 17 00:00:00 2001
From: Mukul Sharma <mukul@qti.qualcomm.com>
Date: Tue, 27 Oct 2015 23:17:10 +0530
Subject: wlan:Check priviledge permission before processing SET_CHAR_GET_NONE
 IOCTL

Kernel assumes all SET IOCTL commands are assigned with even
numbers. But in our WLAN driver, some SET IOCTLS are assigned with
odd numbers. This leads kernel fail to check, for some SET IOCTLs,
whether user has the right permission to do SET operation.
Hence, in driver, before processing SET_CHAR_GET_NONE IOCTLs, making
sure user task has right permission to process the command.

Change-Id: I7b060bcdc84f7016e8d301e994437a535533a260
CRs-Fixed: 930935
---
 CORE/HDD/src/wlan_hdd_wext.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 668cd1d..610b61b 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -7216,6 +7216,12 @@ static int __iw_setchar_getnone(struct net_device *dev,
     if (0 != ret)
         return ret;
 
+    if (!capable(CAP_NET_ADMIN)){
+        VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+                  FL("permission check failed"));
+        return -EPERM;
+    }
+
     /* helper function to get iwreq_data with compat handling. */
     if (hdd_priv_get_data(&s_priv_data, wrqu)) {
        return -EINVAL;
-- 
cgit v1.1