]> git.ipfire.org Git - thirdparty/qemu.git/commitdiff
projects / thirdparty / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 331d2ac)
msf2-mac: switch to use qemu_receive_packet() for loopback
authorJason Wang <jasowang@redhat.com>
Wed, 24 Feb 2021 05:00:01 +0000 (13:00 +0800)
committerJason Wang <jasowang@redhat.com>
Mon, 15 Mar 2021 08:41:22 +0000 (16:41 +0800)
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.

This is intended to address CVE-2021-3416.

Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
hw/net/msf2-emac.c patch | blob | blame | history

diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c
index 32ba9e84124496fe22f165095d61b675ed71d805..3e6206044f8b441c9222f28cc1ec6d00d807dea8 100644 (file)
--- a/hw/net/msf2-emac.c
+++ b/hw/net/msf2-emac.c
@@ -158,7 +158,7 @@ static void msf2_dma_tx(MSF2EmacState *s)
          * R_CFG1 bit 0 is set.
          */
         if (s->regs[R_CFG1] & R_CFG1_LB_EN_MASK) {
-            nc->info->receive(nc, buf, size);
+            qemu_receive_packet(nc, buf, size);
         } else {
             qemu_send_packet(nc, buf, size);
         }
Mirror of https://git.qemu.org/git/qemu.git