diff options
Diffstat (limited to 'nfc-enforce-cap_net_raw-for-raw-sockets.patch')
-rw-r--r-- | nfc-enforce-cap_net_raw-for-raw-sockets.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/nfc-enforce-cap_net_raw-for-raw-sockets.patch b/nfc-enforce-cap_net_raw-for-raw-sockets.patch new file mode 100644 index 0000000..589f5db --- /dev/null +++ b/nfc-enforce-cap_net_raw-for-raw-sockets.patch @@ -0,0 +1,38 @@ +From foo@baz Tue 01 Oct 2019 04:24:08 PM CEST +From: Ori Nimron <orinimron123@gmail.com> +Date: Fri, 20 Sep 2019 09:35:49 +0200 +Subject: nfc: enforce CAP_NET_RAW for raw sockets + +From: Ori Nimron <orinimron123@gmail.com> + +[ Upstream commit 3a359798b176183ef09efb7a3dc59abad1cc7104 ] + +When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked +first. + +Signed-off-by: Ori Nimron <orinimron123@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + net/nfc/llcp_sock.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/net/nfc/llcp_sock.c ++++ b/net/nfc/llcp_sock.c +@@ -1005,10 +1005,13 @@ static int llcp_sock_create(struct net * + sock->type != SOCK_RAW) + return -ESOCKTNOSUPPORT; + +- if (sock->type == SOCK_RAW) ++ if (sock->type == SOCK_RAW) { ++ if (!capable(CAP_NET_RAW)) ++ return -EPERM; + sock->ops = &llcp_rawsock_ops; +- else ++ } else { + sock->ops = &llcp_sock_ops; ++ } + + sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC); + if (sk == NULL) |