diff options
| author | Jason Wang | 2021-02-24 05:57:40 +0100 |
|---|---|---|
| committer | Jason Wang | 2021-03-15 09:41:22 +0100 |
| commit | 331d2ac9ea307c990dc86e6493e8f0c48d14bb33 (patch) | |
| tree | 53391ca6860c35f15d40711d9413af6418ea0a6e /hw | |
| parent | e1000: switch to use qemu_receive_packet() for loopback (diff) | |
| download | qemu-331d2ac9ea307c990dc86e6493e8f0c48d14bb33.tar.gz qemu-331d2ac9ea307c990dc86e6493e8f0c48d14bb33.tar.xz qemu-331d2ac9ea307c990dc86e6493e8f0c48d14bb33.zip | |
dp8393x: switch to use qemu_receive_packet() for loopback packet
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/net/dp8393x.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c index 205c0decc5..533a8304d0 100644 --- a/hw/net/dp8393x.c +++ b/hw/net/dp8393x.c @@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s) s->regs[SONIC_TCR] |= SONIC_TCR_CRSL; if (nc->info->can_receive(nc)) { s->loopback_packet = 1; - nc->info->receive(nc, s->tx_buffer, tx_len); + qemu_receive_packet(nc, s->tx_buffer, tx_len); } } else { /* Transmit packet */ |