tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

net/nfc/rawsock.c: add CAP_NET_RAW check.

When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked first.

Signed-off-by: Qingyu Li <ieatmuttonchuan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Qingyu Li and committed by
David S. Miller 26896f01 1dab5877

+5 -2
+5 -2
net/nfc/rawsock.c
··· 328 328 if ((sock->type != SOCK_SEQPACKET) && (sock->type != SOCK_RAW)) 329 329 return -ESOCKTNOSUPPORT; 330 330 331 - if (sock->type == SOCK_RAW) 331 + if (sock->type == SOCK_RAW) { 332 + if (!capable(CAP_NET_RAW)) 333 + return -EPERM; 332 334 sock->ops = &rawsock_raw_ops; 333 - else 335 + } else { 334 336 sock->ops = &rawsock_ops; 337 + } 335 338 336 339 sk = sk_alloc(net, PF_NFC, GFP_ATOMIC, nfc_proto->proto, kern); 337 340 if (!sk)