ide/atapi: Fix START STOP UNIT command completion (CVE-2015-5154)

The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.

upstream-commit-id: 03441c3a4a42beb25460dd11592539030337d0f8

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index f7d2009c00e07d54c6c241bf3456e17c36f85491..be000545dfe7531cde43c5ffa63567a7a727ce50 100644 (file)
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -879,6 +879,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
 
     if (pwrcnd) {
         /* eject/load only happens for power condition == 0 */
+        ide_atapi_cmd_ok(s);
         return;
     }