| From 65b851efd3d0280425c202f4e5880c48f8334dae Mon Sep 17 00:00:00 2001 |
| From: Alexander Bulekov <alxndr@bu.edu> |
| Date: Mon, 1 Mar 2021 14:35:30 -0500 |
| Subject: [PATCH 10/10] lan9118: switch to use qemu_receive_packet() for |
| loopback |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| This patch switches to use qemu_receive_packet() which can detect |
| reentrancy and return early. |
| |
| This is intended to address CVE-2021-3416. |
| |
| Cc: Prasad J Pandit <ppandit@redhat.com> |
| Cc: qemu-stable@nongnu.org |
| Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com |
| Signed-off-by: Alexander Bulekov <alxndr@bu.edu> |
| Signed-off-by: Jason Wang <jasowang@redhat.com> |
| |
| Upstream-Status: Backport [37cee01784ff0df13e5209517e1b3594a5e792d1] |
| CVE: CVE-2021-3416 |
| |
| Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> |
| --- |
| hw/net/lan9118.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c |
| index ab57c02c8..75f18ae2d 100644 |
| --- a/hw/net/lan9118.c |
| +++ b/hw/net/lan9118.c |
| @@ -669,7 +669,7 @@ static void do_tx_packet(lan9118_state *s) |
| /* FIXME: Honor TX disable, and allow queueing of packets. */ |
| if (s->phy_control & 0x4000) { |
| /* This assumes the receive routine doesn't touch the VLANClient. */ |
| - lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len); |
| + qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); |
| } else { |
| qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); |
| } |
| -- |
| 2.29.2 |
| |