Merge tag 'v4.4.114' into linux-linaro-lsk-v4.4lsk-v4.4-18.02

This is the 4.4.114 stable release
author: Alex Shi <alex.shi@linaro.org> 2018-02-01 12:02:34 +0800
committer: Alex Shi <alex.shi@linaro.org> 2018-02-01 12:02:34 +0800
commit: a40f2a595adfe0be6ced06fdb4c4a24ae3291a91 (patch)
tree: 4e99ec8bd3ce134bdbafd54a0fc873f11c33e21b /net/netfilter/xt_osf.c
parent: 293c379504006b5ea8b4e7109ba4ebc3211f9b91 (diff)
parent: 49fe90b853dfb1087d0a734cd7f4af1aa00c8e53 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index df8801e02a32..7eae0d0af89a 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -19,6 +19,7 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 
+#include <linux/capability.h>
 #include <linux/if.h>
 #include <linux/inetdevice.h>
 #include <linux/ip.h>
@@ -69,6 +70,9 @@ static int xt_osf_add_callback(struct sock *ctnl, struct sk_buff *skb,
 	struct xt_osf_finger *kf = NULL, *sf;
 	int err = 0;
 
+	if (!capable(CAP_NET_ADMIN))
+		return -EPERM;
+
 	if (!osf_attrs[OSF_ATTR_FINGER])
 		return -EINVAL;
 
@@ -112,6 +116,9 @@ static int xt_osf_remove_callback(struct sock *ctnl, struct sk_buff *skb,
 	struct xt_osf_finger *sf;
 	int err = -ENOENT;
 
+	if (!capable(CAP_NET_ADMIN))
+		return -EPERM;
+
 	if (!osf_attrs[OSF_ATTR_FINGER])
 		return -EINVAL;
author	Alex Shi <alex.shi@linaro.org>	2018-02-01 12:02:34 +0800
committer	Alex Shi <alex.shi@linaro.org>	2018-02-01 12:02:34 +0800
commit	a40f2a595adfe0be6ced06fdb4c4a24ae3291a91 (patch)
tree	4e99ec8bd3ce134bdbafd54a0fc873f11c33e21b /net/netfilter/xt_osf.c
parent	293c379504006b5ea8b4e7109ba4ebc3211f9b91 (diff)
parent	49fe90b853dfb1087d0a734cd7f4af1aa00c8e53 (diff)