ide/atapi: Fix START STOP UNIT command completion (CVE-2015-5154)

The command must be completed on all code paths. START STOP UNIT with
pwrcnd set should succeed without doing anything.

upstream-commit-id: 03441c3a4a42beb25460dd11592539030337d0f8

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 05e60b1cdce6d1a644b65cd1b75ef7138b776386..f6d66a098bdb8bcc984f7ecf1e153abd1ee2bef1 100644 (file)
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -879,6 +879,7 @@ static void cmd_start_stop_unit(IDEState *s, uint8_t* buf)
 
     if (pwrcnd) {
         /* eject/load only happens for power condition == 0 */
+        ide_atapi_cmd_ok(s);
         return;
     }