nixpkgs-suyu/pkgs/applications/virtualization/qemu/CVE-2020-27617.patch
Martin Weinelt 0c54b757e9
qemu: apply patch for CVE-2020-27617
An assert(3) failure issue was found in the networking helper functions of QEMU. It could occur in the eth_get_gso_type() routine, if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. A guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

Fixes: CVE-2020-27617
2020-11-02 14:01:01 +01:00

43 lines
1.3 KiB
Diff

From 6d19c0cc6c5a9bba308fc29d7c0edc2dc372c41b Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 21 Oct 2020 11:35:50 +0530
Subject: [PATCH] net: remove an assert call in eth_get_gso_type
eth_get_gso_type() routine returns segmentation offload type based on
L3 protocol type. It calls g_assert_not_reached if L3 protocol is
unknown, making the following return statement unreachable. Remove the
g_assert call, it maybe triggered by a guest user.
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
net/eth.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/eth.c b/net/eth.c
index 0c1d413ee2..eee77071f9 100644
--- a/net/eth.c
+++ b/net/eth.c
@@ -16,6 +16,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "net/eth.h"
#include "net/checksum.h"
#include "net/tap.h"
@@ -71,9 +72,8 @@ eth_get_gso_type(uint16_t l3_proto, uint8_t *l3_hdr, uint8_t l4proto)
return VIRTIO_NET_HDR_GSO_TCPV6 | ecn_state;
}
}
-
- /* Unsupported offload */
- g_assert_not_reached();
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: probably not GSO frame, "
+ "unknown L3 protocol: 0x%04"PRIx16"\n", __func__, l3_proto);
return VIRTIO_NET_HDR_GSO_NONE | ecn_state;
}
--
2.28.0