AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-07 13:35:20 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
78f7a7566f
linux_dsm_epyc7002/drivers/net/wireless
History
Michael Ellerman 78f7a7566f airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE 
The driver for Cisco Aironet 4500 and 4800 series cards (airo.c),
implements AIROOLDIOCTL/SIOCDEVPRIVATE in airo_ioctl().

The ioctl handler copies an aironet_ioctl struct from userspace, which
includes a command. Some of the commands are handled in readrids(),
where the user controlled command is converted into a driver-internal
value called "ridcode".

There are two command values, AIROGWEPKTMP and AIROGWEPKNV, which
correspond to ridcode values of RID_WEP_TEMP and RID_WEP_PERM
respectively. These commands both have checks that the user has
CAP_NET_ADMIN, with the comment that "Only super-user can read WEP
keys", otherwise they return -EPERM.

However there is another command value, AIRORRID, that lets the user
specify the ridcode value directly, with no other checks. This means
the user can bypass the CAP_NET_ADMIN check on AIROGWEPKTMP and
AIROGWEPKNV.

Fix it by moving the CAP_NET_ADMIN check out of the command handling
and instead do it later based on the ridcode. That way regardless of
whether the ridcode is set via AIROGWEPKTMP or AIROGWEPKNV, or passed
in using AIRORID, we always do the CAP_NET_ADMIN check.

Found by Ilja by code inspection, not tested as I don't have the
required hardware.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-23 11:01:13 +01:00
..
admtek adm80211: remove set but not used variables 'mem_addr' and 'io_addr' 2019-10-24 08:48:00 +03:00
ath wireless-drivers fixes for v5.5 2019-12-17 14:27:35 -08:00
atmel drivers: net: Fix Kconfig indentation, continued 2019-11-21 11:54:09 -08:00
broadcom brcmfmac: remove monitor interface when detaching 2019-11-20 09:46:14 +02:00
cisco airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE 2020-01-23 11:01:13 +01:00
intel net: Fix packet reordering caused by GRO and listified RX cooperation 2020-01-22 20:36:37 +01:00
intersil net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
marvell Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-22 09:54:33 -08:00
mediatek mt76: mt76x0: fix default mac address overwrite 2019-12-02 16:49:05 +02:00
quantenna qtnfmac: process HE capabilities requests 2019-11-20 09:43:01 +02:00
ralink drivers: net: Fix Kconfig indentation, continued 2019-11-21 11:54:09 -08:00
realtek rtl8xxxu: Remove set but not used variable 'vif','dev','len' 2019-11-20 09:47:19 +02:00
rsi wireless-drivers-next patches for 5.5 2019-11-05 18:36:35 -08:00
st net/wireless: Delete unnecessary checks before the macro call “dev_kfree_skb” 2019-10-15 08:27:02 +03:00
ti MMC core: 2019-11-27 10:03:52 -08:00
zydas zd1211rw: zd_usb: Use "%zu" to format size_t 2019-09-21 08:57:35 +03:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mac80211_hwsim.c mac80211_hwsim: use DEFINE_DEBUGFS_ATTRIBUTE to define debugfs fops 2019-11-08 10:17:33 +01:00
mac80211_hwsim.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile
ray_cs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 416 2019-06-05 17:37:15 +02:00
ray_cs.h
rayctl.h
rndis_wlan.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
virt_wifi.c virt_wifi: fix use-after-free in virt_wifi_newlink() 2019-11-22 13:36:25 +01:00
wl3501_cs.c wl3501_cs: remove redundant variable rc 2019-07-24 14:45:24 +03:00
wl3501.h