aaacad5f87
Fix CVE-2021-3416 This patch switches to use qemu_receive_packet() which can detect reentrancy and return early. This is intended to address CVE-2021-3416. Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
44 lines
1.3 KiB
Diff
44 lines
1.3 KiB
Diff
From beaa8c1788fa201ca4e4c8dc58b96c8d67ae8389 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bulekov <alxndr@bu.edu>
|
|
Date: Fri, 14 May 2021 10:35:11 +0800
|
|
Subject: [PATCH] rtl8139: switch to use qemu_receive_packet() for loopback
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Fix CVE-2021-3416
|
|
|
|
This patch switches to use qemu_receive_packet() which can detect
|
|
reentrancy and return early.
|
|
|
|
This is intended to address CVE-2021-3416.
|
|
|
|
Cc: Prasad J Pandit <ppandit@redhat.com>
|
|
Cc: qemu-stable@nongnu.org
|
|
Buglink: https://bugs.launchpad.net/qemu/+bug/1910826
|
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
|
|
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
|
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
|
|
|
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
|
|
---
|
|
hw/net/rtl8139.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
|
|
index 09273171e5..79584fbb17 100644
|
|
--- a/hw/net/rtl8139.c
|
|
+++ b/hw/net/rtl8139.c
|
|
@@ -1792,7 +1792,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
|
|
}
|
|
|
|
DPRINTF("+++ transmit loopback mode\n");
|
|
- rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt);
|
|
+ qemu_receive_packet(qemu_get_queue(s->nic), buf, size);
|
|
|
|
if (iov) {
|
|
g_free(buf2);
|
|
--
|
|
2.27.0
|
|
|