Non-root users could bypass the EPERM check and still modify
the interface MTU because the isroot check was not chained into
the same if-else block as the device and mtu validation.
Add the missing else to ensure the modification is skipped when
the caller is not root.
---
pfinet/iioctl-ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pfinet/iioctl-ops.c b/pfinet/iioctl-ops.c
index aae09df1..ccebec87 100644
--- a/pfinet/iioctl-ops.c
+++ b/pfinet/iioctl-ops.c
@@ -596,7 +596,7 @@ S_iioctl_siocsifmtu (struct sock_user *user,
if (!user->isroot)
err = EPERM;
- if (!dev)
+ else if (!dev)
err = ENODEV;
else if (mtu <= 0)
err = EINVAL;
--
2.54.0
