[Devel] [PATCH RHEL7 COMMIT] ms/crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN

Konstantin Khorenko Thu, 15 Jun 2023 10:06:04 -0700

The commit is pushed to "branch-rh7-3.10.0-1160.90.1.vz7.200.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.90.1.vz7.200.1
------>
commit 7ead7aeed4643f7dbd3b28af5892c088a111b4ac
Author: Matthias-Christian Ott <o...@mirix.org>
Date:   Thu May 8 21:58:12 2014 +0800


    ms/crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN
    
    CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information
    provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules
    and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that
    processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher
    details, such as cipher priorities, for AF_ALG.
    
    Signed-off-by: Matthias-Christian Ott <o...@mirix.org>
    Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
    
    https://jira.vzint.dev/browse/PSBM-147375
    
    (cherry picked from ms commit c568398aa05f852592d0e2b1dc893e6c5c14971c)
    Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
---
 crypto/crypto_user.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index e14b4fb69af4..1591d052db3f 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -330,6 +330,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
        LIST_HEAD(list);
 
+       if (!netlink_capable(skb, CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
                return -EINVAL;
 
@@ -360,6 +363,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        struct crypto_alg *alg;
        struct crypto_user_alg *p = nlmsg_data(nlh);
 
+       if (!netlink_capable(skb, CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
                return -EINVAL;
 
@@ -444,6 +450,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        struct crypto_user_alg *p = nlmsg_data(nlh);
        struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
 
+       if (!netlink_capable(skb, CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
                return -EINVAL;
 
@@ -532,9 +541,6 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct 
nlmsghdr *nlh)
        type -= CRYPTO_MSG_BASE;
        link = &crypto_dispatch[type];
 
-       if (!netlink_capable(skb, CAP_NET_ADMIN))
-               return -EPERM;
-
        if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
            (nlh->nlmsg_flags & NLM_F_DUMP))) {
                struct crypto_alg *alg;
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH RHEL7 COMMIT] ms/crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN

Reply via email to