diff mbox

[Trusty,CVE-2014-0181,1/6] net: Fix permission check in, netlink_connect()

Message ID 53B55271.8010606@canonical.com
State New
Headers show

Commit Message

Maarten Lankhorst July 3, 2014, 12:54 p.m. UTC 
BugLink: https://launchpad.net/bugs/1312989

netlink_sendmsg() was changed to prevent non-root processes from sending
messages with dst_pid != 0.
netlink_connect() however still only checks if nladdr->nl_groups is set.
This patch modifies netlink_connect() to check for the same condition.

Signed-off-by: Mike Pecovnik <mike.pecovnik@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 46833a86f7ab30101096d81117dd250bfae74c6f)
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
---
 net/netlink/af_netlink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox

Patch

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index bca50b9..2f90520 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1481,8 +1481,8 @@  static int netlink_connect(struct socket *sock, struct sockaddr *addr,
 	if (addr->sa_family != AF_NETLINK)
 		return -EINVAL;
 
-	/* Only superuser is allowed to send multicasts */
-	if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
+	if ((nladdr->nl_groups || nladdr->nl_pid) &&
+	    !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
 		return -EPERM;
 
 	if (!nlk->portid)