[PULL 08/16] dp8393x: switch to use qemu_receive_packet() for loopback packet

Jason Wang Thu, 11 Mar 2021 22:19:31 -0800

This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.


This is intended to address CVE-2021-3416.

Cc: Prasad J Pandit <ppan...@redhat.com>
Cc: qemu-sta...@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com
Signed-off-by: Jason Wang <jasow...@redhat.com>
---
 hw/net/dp8393x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 205c0de..533a830 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
             s->regs[SONIC_TCR] |= SONIC_TCR_CRSL;
             if (nc->info->can_receive(nc)) {
                 s->loopback_packet = 1;
-                nc->info->receive(nc, s->tx_buffer, tx_len);
+                qemu_receive_packet(nc, s->tx_buffer, tx_len);
             }
         } else {
             /* Transmit packet */
-- 
2.7.4

[PULL 08/16] dp8393x: switch to use qemu_receive_packet() for loopback packet

Reply via email to