44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
CVE-2021-20255 patch adapted from QEMU patch by Stefan Weil
|
|
|
|
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1930646
|
|
|
|
Signed-off-by: Neha Agarwal <nehaagarwal@microsoft.com>
|
|
---
|
|
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
|
|
index 16e95ef9cc..2474cf3dc2 100644
|
|
--- a/hw/net/eepro100.c
|
|
+++ b/hw/net/eepro100.c
|
|
@@ -279,6 +279,9 @@ typedef struct {
|
|
/* Quasi static device properties (no need to save them). */
|
|
uint16_t stats_size;
|
|
bool has_extended_tcb_support;
|
|
+
|
|
+ /* Flag to avoid recursions. */
|
|
+ bool busy;
|
|
} EEPRO100State;
|
|
|
|
/* Word indices in EEPROM. */
|
|
@@ -837,6 +840,14 @@ static void action_command(EEPRO100State *s)
|
|
Therefore we limit the number of iterations. */
|
|
unsigned max_loop_count = 16;
|
|
|
|
+ if (s->busy) {
|
|
+ /* Prevent recursions. */
|
|
+ logout("recursion in %s:%u\n", __FILE__, __LINE__);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ s->busy = true;
|
|
+
|
|
for (;;) {
|
|
bool bit_el;
|
|
bool bit_s;
|
|
@@ -933,6 +944,7 @@ static void action_command(EEPRO100State *s)
|
|
}
|
|
TRACE(OTHER, logout("CU list empty\n"));
|
|
/* List is empty. Now CU is idle or suspended. */
|
|
+ s->busy = false;
|
|
}
|
|
|
|
static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
|