On Fri, 2007-02-09 at 17:24 +0100, johannes@xxxxxxxxxxxxxxxx wrote:
>
> +int wext_ioctl(unsigned int cmd, struct ifreq *ifr, void __user *arg)
> +{
> + int ret = -EINVAL;
> +
> + /* If command is `set a parameter', or `get the encoding parameters',
> + * check if the user is allowed to do it */
> + if (IW_IS_SET(cmd) || cmd == SIOCGIWENCODE || cmd == SIOCGIWENCODEEXT)
> + if (!capable(CAP_NET_ADMIN))
> + return -EPERM;
> +
> + dev_load(ifr->ifr_name);
> +
> +#ifdef CONFIG_WIRELESS_EXT
> + rtnl_lock();
> + /* Follow me in wext-old.c */
> + ret = wireless_process_ioctl(ifr, cmd);
> + rtnl_unlock();
> +
> + if (ret == 0 && IW_IS_GET(cmd) &&
^^^^^^^^^^^^
That's the bug. That test must be removed.
johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
