diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch new file mode 100644 index 0000000000..7deec1a347 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch @@ -0,0 +1,44 @@ +From 65b851efd3d0280425c202f4e5880c48f8334dae Mon Sep 17 00:00:00 2001 +From: Alexander Bulekov <alxndr@bu.edu> +Date: Mon, 1 Mar 2021 14:35:30 -0500 +Subject: [PATCH 10/10] lan9118: switch to use qemu_receive_packet() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_packet() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com +Signed-off-by: Alexander Bulekov <alxndr@bu.edu> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [37cee01784ff0df13e5209517e1b3594a5e792d1] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/lan9118.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c +index ab57c02c8..75f18ae2d 100644 +--- a/hw/net/lan9118.c ++++ b/hw/net/lan9118.c +@@ -669,7 +669,7 @@ static void do_tx_packet(lan9118_state *s) + /* FIXME: Honor TX disable, and allow queueing of packets. */ + if (s->phy_control & 0x4000) { + /* This assumes the receive routine doesn't touch the VLANClient. */ +- lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len); ++ qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); + } else { + qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); + } +-- +2.29.2 + |