[NET]: Require CAP_NET_ADMIN to create tuntap devices.

[linux-2.6-omap-h63xx.git] / drivers / net / tun.c

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 50b8c6754b1ef333a225406a7465e9fdd2985dd6..6c62d5c882683f09267e06e9dade80f1cfb9482d 100644 (file)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -249,8 +249,11 @@ static __inline__ ssize_t tun_get_user(struct tun_struct *tun, struct iovec *iv,
 
        if (align)
                skb_reserve(skb, align);
-       if (memcpy_fromiovec(skb_put(skb, len), iv, len))
+       if (memcpy_fromiovec(skb_put(skb, len), iv, len)) {
+               tun->stats.rx_dropped++;
+               kfree_skb(skb);
                return -EFAULT;
+       }
 
        skb->dev = tun->dev;
        switch (tun->flags & TUN_TYPE_MASK) {
@@ -487,6 +490,9 @@ static int tun_set_iff(struct file *file, struct ifreq *ifr)
 
                err = -EINVAL;
 
+               if (!capable(CAP_NET_ADMIN))
+                       return -EPERM;
+
                /* Set dev type */
                if (ifr->ifr_flags & IFF_TUN) {
                        /* TUN device */