yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone
Blob Blame History Raw
From 6e4dad9d915f8de71e1695720398160c97e8ebd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Mon, 20 May 2019 17:00:53 +0200
Subject: [PATCH 2/4] slirp: fix big/little endian conversion in ident protocol
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: <20190520170055.15404-3-marcandre.lureau@redhat.com>
Patchwork-id: 88100
O-Subject: [RHEL-7.6.z qemu-kvm PATCH 2/4] slirp: fix big/little endian conversion in ident protocol
Bugzilla: 1669067
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>

From: Samuel Thibault <samuel.thibault@ens-lyon.org>

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

[ MA - backported to ease backport of CVE-2019-6778 ]

(cherry picked from commit 1fd71067dae501f1c78618e9583c6cc72db0cfa6)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 slirp/tcp_subr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 0b7138b..80538a9 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -601,10 +601,12 @@ tcp_emu(struct socket *so, struct mbuf *m)
 						    tmpso->so_fport == n1) {
 							if (getsockname(tmpso->s,
 								(struct sockaddr *)&addr, &addrlen) == 0)
-							   n2 = ntohs(addr.sin_port);
+							   n2 = addr.sin_port;
 							break;
 						}
 					}
+					NTOHS(n1);
+					NTOHS(n2);
 					so_rcv->sb_cc = snprintf(so_rcv->sb_data,
 								 so_rcv->sb_datalen,
 								 "%d,%d\r\n", n1, n2);
-- 
1.8.3.1