aboutsummaryrefslogtreecommitdiff
path: root/hw/net
diff options
context:
space:
mode:
authorJason Wang <jasowang@redhat.com>2021-02-24 13:27:52 +0800
committerJason Wang <jasowang@redhat.com>2021-03-15 16:41:22 +0800
commit8c552542b81e56ff532dd27ec6e5328954bdda73 (patch)
tree4152ef9398fd76811955e4748096507a6a75326b /hw/net
parent8c92060d3c0248bd4d515719a35922cd2391b9b4 (diff)
downloadqemu-8c552542b81e56ff532dd27ec6e5328954bdda73.zip
qemu-8c552542b81e56ff532dd27ec6e5328954bdda73.tar.gz
qemu-8c552542b81e56ff532dd27ec6e5328954bdda73.tar.bz2
tx_pkt: switch to use qemu_receive_packet_iov() for loopback
This patch switches to use qemu_receive_receive_iov() which can detect reentrancy and return early. This is intended to address CVE-2021-3416. Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'hw/net')
-rw-r--r--hw/net/net_tx_pkt.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index da262ed..1f9aa59 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt,
NetClientState *nc, const struct iovec *iov, int iov_cnt)
{
if (pkt->is_loopback) {
- nc->info->receive_iov(nc, iov, iov_cnt);
+ qemu_receive_packet_iov(nc, iov, iov_cnt);
} else {
qemu_sendv_packet(nc, iov, iov_cnt);
}