| From foo@baz Tue 01 Oct 2019 03:40:29 PM CEST |
| From: Ori Nimron <orinimron123@gmail.com> |
| Date: Fri, 20 Sep 2019 09:35:45 +0200 |
| Subject: mISDN: enforce CAP_NET_RAW for raw sockets |
| |
| From: Ori Nimron <orinimron123@gmail.com> |
| |
| [ Upstream commit b91ee4aa2a2199ba4d4650706c272985a5a32d80 ] |
| |
| When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked |
| first. |
| |
| Signed-off-by: Ori Nimron <orinimron123@gmail.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/isdn/mISDN/socket.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/drivers/isdn/mISDN/socket.c |
| +++ b/drivers/isdn/mISDN/socket.c |
| @@ -764,6 +764,8 @@ base_sock_create(struct net *net, struct |
| |
| if (sock->type != SOCK_RAW) |
| return -ESOCKTNOSUPPORT; |
| + if (!capable(CAP_NET_RAW)) |
| + return -EPERM; |
| |
| sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern); |
| if (!sk) |