File xsa178-0016-libxl-Do-not-trust-backend-for-nic-... of Package xen.5015

Overview Repositories Revisions Requests Users Attributes Meta

File xsa178-0016-libxl-Do-not-trust-backend-for-nic-in-list.patch of Package xen.5015

References: bsc#979670 CVE-2016-4963 XSA-178

From ee0b02e920847b5ff198f0d43968cda9c544c983 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 4 May 2016 16:23:57 +0100
Subject: [PATCH 16/21] libxl: Do not trust backend for nic in list

libxl_device_nic_list should use the /libxl path to search for
devices, and for obtaining the device information.

The "type" parameter was always "vif".  Abolish it.  (In any case,
paths in /libxl/device are named after the frontend type which is
constant, not the backend type which might in future vary.)

Abolish a redundant store to pnic->backend_domid.  Before this commit,
that store was not needed because libxl_device_nic_init (called by
libxl__device_nic_from_xenstore) would zero it.  Now it overwrites the
correct backend domid with zero; so remove it.

This is part of XSA-178.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

Index: xen-4.4.4-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.4.4-testing.orig/tools/libxl/libxl.c
+++ xen-4.4.4-testing/tools/libxl/libxl.c
@@ -3101,21 +3101,20 @@ out:
     return rc;
 }
 
-static int libxl__append_nic_list_of_type(libxl__gc *gc,
+static int libxl__append_nic_list(libxl__gc *gc,
                                            uint32_t domid,
-                                           const char *type,
                                            libxl_device_nic **nics,
                                            int *nnics)
 {
-    char *be_path = NULL;
+    char *libxl_dir_path = NULL;
     char **dir = NULL;
     unsigned int n = 0;
     libxl_device_nic *pnic = NULL, *pnic_end = NULL;
     int rc;
 
-    be_path = libxl__sprintf(gc, "%s/backend/%s/%d",
-                             libxl__xs_get_dompath(gc, 0), type, domid);
-    dir = libxl__xs_directory(gc, XBT_NULL, be_path, &n);
+    libxl_dir_path = GCSPRINTF("%s/device/vif",
+                               libxl__xs_libxl_path(gc, domid));
+    dir = libxl__xs_directory(gc, XBT_NULL, libxl_dir_path, &n);
     if (dir && n) {
         libxl_device_nic *tmp;
         tmp = realloc(*nics, sizeof (libxl_device_nic) * (*nnics + n));
@@ -3126,10 +3125,9 @@ static int libxl__append_nic_list_of_typ
         pnic_end = *nics + *nnics + n;
         for (; pnic < pnic_end; pnic++, dir++) {
             const char *p;
-            p = libxl__sprintf(gc, "%s/%s", be_path, *dir);
+            p = GCSPRINTF("%s/%s", libxl_dir_path, *dir);
             rc = libxl__device_nic_from_xenstore(gc, p, pnic);
             if (rc) goto out;
-            pnic->backend_domid = 0;
         }
         *nnics += n;
     }
@@ -3147,7 +3145,7 @@ libxl_device_nic *libxl_device_nic_list(
 
     *num = 0;
 
-    rc = libxl__append_nic_list_of_type(gc, domid, "vif", &nics, num);
+    rc = libxl__append_nic_list(gc, domid, &nics, num);
     if (rc) goto out_err;
 
     GC_FREE;

Places

File xsa178-0016-libxl-Do-not-trust-backend-for-nic-in-list.patch of Package xen.5015

Places