diff options
| author | Jason Wang | 2021-02-24 06:27:52 +0100 |
|---|---|---|
| committer | Jason Wang | 2021-03-15 09:41:22 +0100 |
| commit | 8c552542b81e56ff532dd27ec6e5328954bdda73 (patch) | |
| tree | 4152ef9398fd76811955e4748096507a6a75326b /hw | |
| parent | sungem: switch to use qemu_receive_packet() for loopback (diff) | |
| download | qemu-8c552542b81e56ff532dd27ec6e5328954bdda73.tar.gz qemu-8c552542b81e56ff532dd27ec6e5328954bdda73.tar.xz qemu-8c552542b81e56ff532dd27ec6e5328954bdda73.zip | |
tx_pkt: switch to use qemu_receive_packet_iov() for loopback
This patch switches to use qemu_receive_receive_iov() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/net/net_tx_pkt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c index da262edc3e..1f9aa59eca 100644 --- a/hw/net/net_tx_pkt.c +++ b/hw/net/net_tx_pkt.c @@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt, NetClientState *nc, const struct iovec *iov, int iov_cnt) { if (pkt->is_loopback) { - nc->info->receive_iov(nc, iov, iov_cnt); + qemu_receive_packet_iov(nc, iov, iov_cnt); } else { qemu_sendv_packet(nc, iov, iov_cnt); } |