| Message ID | 20200818080703.GA31526@oppo (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | net/bluetooth/bnep/sock.c: add CAP_NET_RAW check. | expand |
On Tue, 18 Aug 2020 16:07:03 +0800 Qingyu Li <ieatmuttonchuan@gmail.com> wrote: > When creating a raw PF_BLUETOOTH socket, > CAP_NET_RAW needs to be checked first. > These changes should be part of a series (patch 0,1,2 at least), and all my replies on your other patch apply to this one as well.
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c index d515571b2afb..e06787a3b5ce 100644 --- a/net/bluetooth/bnep/sock.c +++ b/net/bluetooth/bnep/sock.c @@ -204,6 +204,9 @@ static int bnep_sock_create(struct net *net, struct socket *sock, int protocol, if (sock->type != SOCK_RAW) return -ESOCKTNOSUPPORT; + if (!capable(CAP_NET_RAW)) + return -EPERM; + sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, kern); if (!sk) return -ENOMEM;
When creating a raw PF_BLUETOOTH socket, CAP_NET_RAW needs to be checked first. Signed-off-by: Qingyu Li <ieatmuttonchuan@gmail.com> --- net/bluetooth/bnep/sock.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.17.1