| From c041a4da1ff119715e0ccf2d4a7af62568f17b93 Mon Sep 17 00:00:00 2001 |
| From: Jason Wang <jasowang@redhat.com> |
| Date: Wed, 24 Feb 2021 12:57:40 +0800 |
| Subject: [PATCH 03/10] dp8393x: switch to use qemu_receive_packet() for |
| loopback packet |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| This patch switches to use qemu_receive_packet() which can detect |
| reentrancy and return early. |
| |
| This is intended to address CVE-2021-3416. |
| |
| Cc: Prasad J Pandit <ppandit@redhat.com> |
| Cc: qemu-stable@nongnu.org |
| Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com |
| Signed-off-by: Jason Wang <jasowang@redhat.com> |
| |
| Upstream-Status: Backport [331d2ac9ea307c990dc86e6493e8f0c48d14bb33] |
| CVE: CVE-2021-3416 |
| |
| Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> |
| --- |
| hw/net/dp8393x.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c |
| index 205c0decc..533a8304d 100644 |
| --- a/hw/net/dp8393x.c |
| +++ b/hw/net/dp8393x.c |
| @@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s) |
| s->regs[SONIC_TCR] |= SONIC_TCR_CRSL; |
| if (nc->info->can_receive(nc)) { |
| s->loopback_packet = 1; |
| - nc->info->receive(nc, s->tx_buffer, tx_len); |
| + qemu_receive_packet(nc, s->tx_buffer, tx_len); |
| } |
| } else { |
| /* Transmit packet */ |
| -- |
| 2.29.2 |
| |