From 39f2c179e7b0be85d87303e07f794586a5976f84 Mon Sep 17 00:00:00 2001
From: Zhao Xuewen <zhaoxuewen@huawei.com>
Date: Tue, 7 Jun 2016 19:45:52 +0800
Subject: net: wireless: bcmdhd: check privilege on priv cmd

check net admin capability for ioctl calls
CVE-2016-2475
BUG=26425765

Change-Id: I02d471d8f486e4773d72c67244dcb03b2b4835ed
Signed-off-by: Jerry Lee <jerrylee@broadcom.com>
---
 drivers/net/wireless/bcmdhd/wl_android.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireless/bcmdhd/wl_android.c b/drivers/net/wireless/bcmdhd/wl_android.c
index 36ab67bc8866..126cb17bc69e 100644
--- a/drivers/net/wireless/bcmdhd/wl_android.c
+++ b/drivers/net/wireless/bcmdhd/wl_android.c
@@ -1287,6 +1287,11 @@ int wl_android_priv_cmd(struct net_device *net, struct ifreq *ifr, int cmd)
 		goto exit;
 	}
 
+	if (!capable(CAP_NET_ADMIN)) {
+		ret = -EPERM;
+		goto exit;
+	}
+
 #ifdef CONFIG_COMPAT
 	if (is_compat_task()) {
 		compat_android_wifi_priv_cmd compat_priv_cmd;
-- 
cgit v1.2.3