aboutsummaryrefslogtreecommitdiffstats
path: root/nfc-enforce-cap_net_raw-for-raw-sockets.patch
diff options
context:
space:
mode:
Diffstat (limited to 'nfc-enforce-cap_net_raw-for-raw-sockets.patch')
-rw-r--r--nfc-enforce-cap_net_raw-for-raw-sockets.patch38
1 files changed, 38 insertions, 0 deletions
diff --git a/nfc-enforce-cap_net_raw-for-raw-sockets.patch b/nfc-enforce-cap_net_raw-for-raw-sockets.patch
new file mode 100644
index 0000000..589f5db
--- /dev/null
+++ b/nfc-enforce-cap_net_raw-for-raw-sockets.patch
@@ -0,0 +1,38 @@
+From foo@baz Tue 01 Oct 2019 04:24:08 PM CEST
+From: Ori Nimron <orinimron123@gmail.com>
+Date: Fri, 20 Sep 2019 09:35:49 +0200
+Subject: nfc: enforce CAP_NET_RAW for raw sockets
+
+From: Ori Nimron <orinimron123@gmail.com>
+
+[ Upstream commit 3a359798b176183ef09efb7a3dc59abad1cc7104 ]
+
+When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked
+first.
+
+Signed-off-by: Ori Nimron <orinimron123@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/nfc/llcp_sock.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/net/nfc/llcp_sock.c
++++ b/net/nfc/llcp_sock.c
+@@ -1005,10 +1005,13 @@ static int llcp_sock_create(struct net *
+ sock->type != SOCK_RAW)
+ return -ESOCKTNOSUPPORT;
+
+- if (sock->type == SOCK_RAW)
++ if (sock->type == SOCK_RAW) {
++ if (!capable(CAP_NET_RAW))
++ return -EPERM;
+ sock->ops = &llcp_rawsock_ops;
+- else
++ } else {
+ sock->ops = &llcp_sock_ops;
++ }
+
+ sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC);
+ if (sk == NULL)
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-31 11:20:43 +0000