|
 |
4549c1 |
From d4913063320e52d9c3716732d8c6b7396a2288b5 Mon Sep 17 00:00:00 2001
|
|
|
4549c1 |
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
|
4549c1 |
Date: Tue, 28 Jan 2020 13:32:53 +0100
|
|
|
4549c1 |
Subject: [PATCH 3/6] slirp: disable tcp_emu()
|
|
|
4549c1 |
MIME-Version: 1.0
|
|
|
4549c1 |
Content-Type: text/plain; charset=UTF-8
|
|
|
4549c1 |
Content-Transfer-Encoding: 8bit
|
|
|
4549c1 |
|
|
|
4549c1 |
Message-id: <20200128133253.794107-2-marcandre.lureau@redhat.com>
|
|
|
4549c1 |
Patchwork-id: 93569
|
|
|
4549c1 |
O-Subject: [RHEL-8.2.0 qemu-kvm + RHEL-7.7 qemu-kvm + RHEL-6.11 qemu-kvm PATCH 1/1] slirp: disable tcp_emu()
|
|
|
4549c1 |
Bugzilla: 1791679
|
|
|
4549c1 |
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
|
|
4549c1 |
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
|
|
|
4549c1 |
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
4549c1 |
|
|
|
4549c1 |
Since libslirp 4.1, tcp_emu() is disabled by default because it is
|
|
|
4549c1 |
known to cause several CVEs and is not useful today in most
|
|
|
4549c1 |
cases. Qemu upstream doesn't have an option to enable it back at this
|
|
|
4549c1 |
point, it's not clear if we ever want to expose that option anyway.
|
|
|
4549c1 |
|
|
|
4549c1 |
See also upstream commit 07c2a44b67e ("emu: disable by default")
|
|
|
4549c1 |
|
|
|
4549c1 |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1791677
|
|
|
4549c1 |
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
4549c1 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
4549c1 |
---
|
|
|
4549c1 |
slirp/tcp_subr.c | 4 ++--
|
|
|
4549c1 |
slirp/udp.c | 2 +-
|
|
|
4549c1 |
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
4549c1 |
|
|
|
4549c1 |
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
|
|
|
4549c1 |
index 8dae0cc..0ca7f02 100644
|
|
|
4549c1 |
--- a/slirp/tcp_subr.c
|
|
|
4549c1 |
+++ b/slirp/tcp_subr.c
|
|
|
4549c1 |
@@ -516,7 +516,7 @@ tcp_tos(struct socket *so)
|
|
|
4549c1 |
while(tcptos[i].tos) {
|
|
|
4549c1 |
if ((tcptos[i].fport && (ntohs(so->so_fport) == tcptos[i].fport)) ||
|
|
|
4549c1 |
(tcptos[i].lport && (ntohs(so->so_lport) == tcptos[i].lport))) {
|
|
|
4549c1 |
- so->so_emu = tcptos[i].emu;
|
|
|
4549c1 |
+ so->so_emu = 0; /* disabled */
|
|
|
4549c1 |
return tcptos[i].tos;
|
|
|
4549c1 |
}
|
|
|
4549c1 |
i++;
|
|
|
4549c1 |
@@ -526,7 +526,7 @@ tcp_tos(struct socket *so)
|
|
|
4549c1 |
for (emup = tcpemu; emup; emup = emup->next) {
|
|
|
4549c1 |
if ((emup->fport && (ntohs(so->so_fport) == emup->fport)) ||
|
|
|
4549c1 |
(emup->lport && (ntohs(so->so_lport) == emup->lport))) {
|
|
|
4549c1 |
- so->so_emu = emup->emu;
|
|
|
4549c1 |
+ so->so_emu = 0; /* disabled */
|
|
|
4549c1 |
return emup->tos;
|
|
|
4549c1 |
}
|
|
|
4549c1 |
}
|
|
|
4549c1 |
diff --git a/slirp/udp.c b/slirp/udp.c
|
|
|
4549c1 |
index 2188176..ee92790 100644
|
|
|
4549c1 |
--- a/slirp/udp.c
|
|
|
4549c1 |
+++ b/slirp/udp.c
|
|
|
4549c1 |
@@ -339,7 +339,7 @@ udp_tos(struct socket *so)
|
|
|
4549c1 |
while(udptos[i].tos) {
|
|
|
4549c1 |
if ((udptos[i].fport && ntohs(so->so_fport) == udptos[i].fport) ||
|
|
|
4549c1 |
(udptos[i].lport && ntohs(so->so_lport) == udptos[i].lport)) {
|
|
|
4549c1 |
- so->so_emu = udptos[i].emu;
|
|
|
4549c1 |
+ so->so_emu = 0; /* disabled */
|
|
|
4549c1 |
return udptos[i].tos;
|
|
|
4549c1 |
}
|
|
|
4549c1 |
i++;
|
|
|
4549c1 |
--
|
|
|
4549c1 |
1.8.3.1
|
|
|
4549c1 |
|