From: Phil Blundell <philb@gnu.org>
Date: Wed, 24 Nov 2010 19:49:53 +0000 (-0800)
Subject: econet: fix CVE-2010-3850
X-Git-Tag: v2.6.33.8~281
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2ebf28f8733a1cc3539a02e6c07e08e9eff9962;p=thirdparty%2Fkernel%2Fstable.git

econet: fix CVE-2010-3850

commit 16c41745c7b92a243d0874f534c1655196c64b74 upstream.

Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR operation.

Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 6153ec9a547e8..bc48a6b69ccdf 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -660,6 +660,9 @@ static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void __user *arg)
 	err = 0;
 	switch (cmd) {
 	case SIOCSIFADDR:
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		edev = dev->ec_ptr;
 		if (edev == NULL) {
 			/* Magic up a new one. */