thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
Blob Blame History Raw
From d4913063320e52d9c3716732d8c6b7396a2288b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 28 Jan 2020 13:32:53 +0100
Subject: [PATCH 3/6] slirp: disable tcp_emu()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Message-id: <20200128133253.794107-2-marcandre.lureau@redhat.com>
Patchwork-id: 93569
O-Subject: [RHEL-8.2.0 qemu-kvm + RHEL-7.7 qemu-kvm + RHEL-6.11 qemu-kvm PATCH 1/1] slirp: disable tcp_emu()
Bugzilla: 1791679
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

Since libslirp 4.1, tcp_emu() is disabled by default because it is
known to cause several CVEs and is not useful today in most
cases. Qemu upstream doesn't have an option to enable it back at this
point, it's not clear if we ever want to expose that option anyway.

See also upstream commit 07c2a44b67e ("emu: disable by default")

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1791677
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 slirp/tcp_subr.c | 4 ++--
 slirp/udp.c      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 8dae0cc..0ca7f02 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -516,7 +516,7 @@ tcp_tos(struct socket *so)
 	while(tcptos[i].tos) {
 		if ((tcptos[i].fport && (ntohs(so->so_fport) == tcptos[i].fport)) ||
 		    (tcptos[i].lport && (ntohs(so->so_lport) == tcptos[i].lport))) {
-			so->so_emu = tcptos[i].emu;
+			so->so_emu = 0; /* disabled */
 			return tcptos[i].tos;
 		}
 		i++;
@@ -526,7 +526,7 @@ tcp_tos(struct socket *so)
 	for (emup = tcpemu; emup; emup = emup->next) {
 		if ((emup->fport && (ntohs(so->so_fport) == emup->fport)) ||
 		    (emup->lport && (ntohs(so->so_lport) == emup->lport))) {
-			so->so_emu = emup->emu;
+			so->so_emu = 0; /* disabled */
 			return emup->tos;
 		}
 	}
diff --git a/slirp/udp.c b/slirp/udp.c
index 2188176..ee92790 100644
--- a/slirp/udp.c
+++ b/slirp/udp.c
@@ -339,7 +339,7 @@ udp_tos(struct socket *so)
 	while(udptos[i].tos) {
 		if ((udptos[i].fport && ntohs(so->so_fport) == udptos[i].fport) ||
 		    (udptos[i].lport && ntohs(so->so_lport) == udptos[i].lport)) {
-		    	so->so_emu = udptos[i].emu;
+			so->so_emu = 0; /* disabled */
 			return udptos[i].tos;
 		}
 		i++;
-- 
1.8.3.1