diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch new file mode 100644 index 0000000000..40b4bd96e7 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch @@ -0,0 +1,40 @@ +From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Wed, 24 Feb 2021 13:27:52 +0800 +Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for + loopback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch switches to use qemu_receive_receive_iov() which can detect +reentrancy and return early. + +This is intended to address CVE-2021-3416. + +Cc: Prasad J Pandit <ppandit@redhat.com> +Cc: qemu-stable@nongnu.org +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> + +Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73] +CVE: CVE-2021-3416 + +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + hw/net/net_tx_pkt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-4.2.0/hw/net/net_tx_pkt.c +=================================================================== +--- qemu-4.2.0.orig/hw/net/net_tx_pkt.c ++++ qemu-4.2.0/hw/net/net_tx_pkt.c +@@ -544,7 +544,7 @@ static inline void net_tx_pkt_sendv(stru + NetClientState *nc, const struct iovec *iov, int iov_cnt) + { + if (pkt->is_loopback) { +- nc->info->receive_iov(nc, iov, iov_cnt); ++ qemu_receive_packet_iov(nc, iov, iov_cnt); + } else { + qemu_sendv_packet(nc, iov, iov_cnt); + } |