korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-13 22:14:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
d836f5c69d
linux/drivers/net
History
Michael Ellerman 78f7a7566f airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE 
The driver for Cisco Aironet 4500 and 4800 series cards (airo.c),
implements AIROOLDIOCTL/SIOCDEVPRIVATE in airo_ioctl().

The ioctl handler copies an aironet_ioctl struct from userspace, which
includes a command. Some of the commands are handled in readrids(),
where the user controlled command is converted into a driver-internal
value called "ridcode".

There are two command values, AIROGWEPKTMP and AIROGWEPKNV, which
correspond to ridcode values of RID_WEP_TEMP and RID_WEP_PERM
respectively. These commands both have checks that the user has
CAP_NET_ADMIN, with the comment that "Only super-user can read WEP
keys", otherwise they return -EPERM.

However there is another command value, AIRORRID, that lets the user
specify the ridcode value directly, with no other checks. This means
the user can bypass the CAP_NET_ADMIN check on AIROGWEPKTMP and
AIROGWEPKNV.

Fix it by moving the CAP_NET_ADMIN check out of the command handling
and instead do it later based on the ridcode. That way regardless of
whether the ridcode is set via AIROGWEPKTMP or AIROGWEPKNV, or passed
in using AIRORID, we always do the CAP_NET_ADMIN check.

Found by Ilja by code inspection, not tested as I don't have the
required hardware.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-23 11:01:13 +01:00
..
appletalk
arcnet
bonding bonding: fix active-backup transition after link failure 2019-12-14 16:22:34 -08:00
caif Driver core patches for 5.5-rc1 2019-11-27 11:06:20 -08:00
can can, slip: Protect tty->disc_data in write_wakeup and close with RCU 2020-01-22 20:32:03 +01:00
dsa net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec 2020-01-17 13:26:27 +01:00
ethernet cxgb4: reject overlapped queues in TC-MQPRIO offload 2020-01-19 16:12:53 +01:00
fddi
fjes Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-22 09:54:33 -08:00
hamradio 6pack,mkiss: fix possible deadlock 2019-12-13 21:49:29 -08:00
hippi
hyperv hv_netvsc: Fix memory leak when removing rndis device 2020-01-15 22:37:45 +01:00
ieee802154 drivers: net: Fix Kconfig indentation, continued 2019-11-21 11:54:09 -08:00
ipvlan Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-02 13:54:56 -07:00
netdevsim devlink: correct misspelling of snapshot 2020-01-11 14:30:24 -08:00
phy net: phy: dp83867: Set FORCE_LINK_GOOD to default after reset 2020-01-17 11:36:18 +01:00
plip
ppp pppoe: remove redundant BUG_ON() check in pppoe_pernet 2019-12-07 11:52:23 -08:00
slip can, slip: Protect tty->disc_data in write_wakeup and close with RCU 2020-01-22 20:32:03 +01:00
team Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-02 13:54:56 -07:00
usb net: usb: lan78xx: Add .ndo_features_check 2020-01-21 10:46:51 +01:00
vmxnet3
wan net: wan: lapbether.c: Use built-in RCU list checking 2020-01-16 14:30:52 +01:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-02 13:54:56 -07:00
wireless airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE 2020-01-23 11:01:13 +01:00
xen-netback xen-netback: avoid race that can lead to NULL pointer dereference 2019-12-15 11:40:15 -08:00
dummy.c net: dummy: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
eql.c
geneve.c treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
gtp.c gtp: fix bad unlock balance in gtp_encap_enable_socket 2020-01-08 12:42:49 -08:00
ifb.c
Kconfig drivers: net: Fix Kconfig indentation, continued 2019-11-21 11:54:09 -08:00
LICENSE.SRC
loopback.c net: use u64_stats_t in struct pcpu_lstats 2019-11-07 20:03:08 -08:00
macsec.c net: remove unnecessary variables and callback 2019-10-24 14:53:49 -07:00
macvlan.c macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() 2020-01-16 13:12:37 +01:00
macvtap.c
Makefile
mdio.c
mii.c
net_failover.c
netconsole.c
nlmon.c net: nlmon: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c compat_ioctl: move drivers to compat_ptr_ioctl 2019-10-23 17:23:43 +02:00
thunderbolt.c
tun.c tun: fix data-race in gro_normal_list() 2019-11-15 12:46:49 -08:00
veth.c veth: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
virtio_net.c bpf: Convert bpf_prog refcnt to atomic64_t 2019-11-18 11:41:59 +01:00
vrf.c net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
vsockmon.c vsockmon: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
vxlan.c vxlan: fix tos value before xmit 2020-01-02 16:35:48 -08:00
xen-netfront.c