|
 |
016a62 |
From 3bb5804776e5141690ff6fbb5b07b2a0307391ee Mon Sep 17 00:00:00 2001
|
|
|
016a62 |
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
|
016a62 |
Date: Tue, 28 Jan 2020 13:32:53 +0000
|
|
|
016a62 |
Subject: [PATCH 1/2] slirp: disable tcp_emu()
|
|
|
016a62 |
MIME-Version: 1.0
|
|
|
016a62 |
Content-Type: text/plain; charset=UTF-8
|
|
|
016a62 |
Content-Transfer-Encoding: 8bit
|
|
|
016a62 |
|
|
|
016a62 |
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
016a62 |
Message-id: <20200128133253.794107-2-marcandre.lureau@redhat.com>
|
|
|
016a62 |
Patchwork-id: 93569
|
|
|
016a62 |
O-Subject: [RHEL-8.2.0 qemu-kvm + RHEL-7.7 qemu-kvm + RHEL-6.11 qemu-kvm PATCH 1/1] slirp: disable tcp_emu()
|
|
|
016a62 |
Bugzilla: 1791677
|
|
|
016a62 |
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
|
|
016a62 |
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
|
|
|
016a62 |
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
016a62 |
|
|
|
016a62 |
Since libslirp 4.1, tcp_emu() is disabled by default because it is
|
|
|
016a62 |
known to cause several CVEs and is not useful today in most
|
|
|
016a62 |
cases. Qemu upstream doesn't have an option to enable it back at this
|
|
|
016a62 |
point, it's not clear if we ever want to expose that option anyway.
|
|
|
016a62 |
|
|
|
016a62 |
See also upstream commit 07c2a44b67e ("emu: disable by default")
|
|
|
016a62 |
|
|
|
016a62 |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1791677
|
|
|
016a62 |
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
016a62 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
016a62 |
---
|
|
|
016a62 |
slirp/tcp_subr.c | 4 ++--
|
|
|
016a62 |
slirp/udp.c | 2 +-
|
|
|
016a62 |
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
016a62 |
|
|
|
016a62 |
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
|
|
|
016a62 |
index b95ba23..ac14366 100644
|
|
|
016a62 |
--- a/slirp/tcp_subr.c
|
|
|
016a62 |
+++ b/slirp/tcp_subr.c
|
|
|
016a62 |
@@ -568,7 +568,7 @@ tcp_tos(struct socket *so)
|
|
|
016a62 |
while(tcptos[i].tos) {
|
|
|
016a62 |
if ((tcptos[i].fport && (ntohs(so->so_fport) == tcptos[i].fport)) ||
|
|
|
016a62 |
(tcptos[i].lport && (ntohs(so->so_lport) == tcptos[i].lport))) {
|
|
|
016a62 |
- so->so_emu = tcptos[i].emu;
|
|
|
016a62 |
+ so->so_emu = 0; /* disabled */
|
|
|
016a62 |
return tcptos[i].tos;
|
|
|
016a62 |
}
|
|
|
016a62 |
i++;
|
|
|
016a62 |
@@ -578,7 +578,7 @@ tcp_tos(struct socket *so)
|
|
|
016a62 |
for (emup = tcpemu; emup; emup = emup->next) {
|
|
|
016a62 |
if ((emup->fport && (ntohs(so->so_fport) == emup->fport)) ||
|
|
|
016a62 |
(emup->lport && (ntohs(so->so_lport) == emup->lport))) {
|
|
|
016a62 |
- so->so_emu = emup->emu;
|
|
|
016a62 |
+ so->so_emu = 0; /* disabled */
|
|
|
016a62 |
return emup->tos;
|
|
|
016a62 |
}
|
|
|
016a62 |
}
|
|
|
016a62 |
diff --git a/slirp/udp.c b/slirp/udp.c
|
|
|
016a62 |
index 227d779..f5f5548 100644
|
|
|
016a62 |
--- a/slirp/udp.c
|
|
|
016a62 |
+++ b/slirp/udp.c
|
|
|
016a62 |
@@ -313,7 +313,7 @@ udp_tos(struct socket *so)
|
|
|
016a62 |
while(udptos[i].tos) {
|
|
|
016a62 |
if ((udptos[i].fport && ntohs(so->so_fport) == udptos[i].fport) ||
|
|
|
016a62 |
(udptos[i].lport && ntohs(so->so_lport) == udptos[i].lport)) {
|
|
|
016a62 |
- so->so_emu = udptos[i].emu;
|
|
|
016a62 |
+ so->so_emu = 0; /* disabled */
|
|
|
016a62 |
return udptos[i].tos;
|
|
|
016a62 |
}
|
|
|
016a62 |
i++;
|
|
|
016a62 |
--
|
|
|
016a62 |
1.8.3.1
|
|
|
016a62 |
|