Commit c2b03af4 authored by Jeimon's avatar Jeimon Committed by Wang Hai
Browse files

net/nfc/rawsock.c: fix a permission check bug 

stable inclusion
from stable-v4.19.195
commit ec72482564ff99c6832d33610d9f8ab7ecc81b6d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4JW
CVE: CVE-2021-47285

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ec72482564ff99c6832d33610d9f8ab7ecc81b6d



--------------------------------

[ Upstream commit 8ab78863 ]

The function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable().

Signed-off-by: default avatarJeimon <jjjinmeng.zhou@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarWang Hai <wanghai38@huawei.com>
parent 196331cd

net/nfc/rawsock.c

+1 −1
Original line number Diff line number Diff line
@@ -345,7 +345,7 @@ static int rawsock_create(struct net *net, struct socket *sock, 
		return -ESOCKTNOSUPPORT;



	if (sock->type == SOCK_RAW) {

		if (!capable(CAP_NET_RAW))

		if (!ns_capable(net->user_ns, CAP_NET_RAW))

			return -EPERM;

		sock->ops = &rawsock_raw_ops;

	} else {