ide/atapi: Fix START STOP UNIT command completion (CVE-2015-5154)

The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.

upstream-commit-id: 03441c3a4a42beb25460dd11592539030337d0f8

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index c63b7e556e0fb2af35da089cb024b118ee937a6d..2887b0f417ebbc3bfdc2c7fdd6467a0b6e0f8a72 100644 (file)
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -880,6 +880,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
 
     if (pwrcnd) {
         /* eject/load only happens for power condition == 0 */
+        ide_atapi_cmd_ok(s);
         return;
     }