Skip to content

Commit ce76398

Browse files
ArmondileSomasundaram Krishnasamy
authored andcommitted
mISDN: enforce CAP_NET_RAW for raw sockets
When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked first. Signed-off-by: Ori Nimron <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: David S. Miller <[email protected]> (cherry picked from commit b91ee4a) Orabug: 30445154 CVE: CVE-2019-17055 Reviewed-by: John Donnelly <[email protected]> Signed-off-by: Allen Pais <[email protected]> Signed-off-by: Somasundaram Krishnasamy <[email protected]>
1 parent b765eda commit ce76398

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

drivers/isdn/mISDN/socket.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -766,6 +766,8 @@ base_sock_create(struct net *net, struct socket *sock, int protocol, int kern)
766766

767767
if (sock->type != SOCK_RAW)
768768
return -ESOCKTNOSUPPORT;
769+
if (!capable(CAP_NET_RAW))
770+
return -EPERM;
769771

770772
sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern);
771773
if (!sk)

0 commit comments

Comments
 (0)