Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
xen.3242
xsa175-0008-libxl-Do-not-trust-frontend-for-vtp...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa175-0008-libxl-Do-not-trust-frontend-for-vtpm-in-getinfo.patch of Package xen.3242
References: bsc#979620 CVE-2016-4962 XSA-175 From d36cdc6238506f65ca9ce2bb008c61e45dbcb9d0 Mon Sep 17 00:00:00 2001 From: Ian Jackson <ian.jackson@eu.citrix.com> Date: Tue, 3 May 2016 16:00:20 +0100 Subject: [PATCH 08/12] libxl: Do not trust frontend for vtpm in getinfo libxl_device_vtpm_getinfo needs to examine devices without trusting frontend-controlled data. So: * Use /libxl to find the backend path. * Parse the backend path to find the backend domid, rather than reading it from the frontend. This is part of XSA-175. Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> --- tools/libxl/libxl.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) Index: xen-4.5.3-testing/tools/libxl/libxl.c =================================================================== --- xen-4.5.3-testing.orig/tools/libxl/libxl.c +++ xen-4.5.3-testing/tools/libxl/libxl.c @@ -2229,7 +2229,7 @@ int libxl_device_vtpm_getinfo(libxl_ctx libxl_vtpminfo *vtpminfo) { GC_INIT(ctx); - char *dompath, *vtpmpath; + char *libxl_path, *dompath, *vtpmpath; char *val; int rc = 0; @@ -2238,8 +2238,10 @@ int libxl_device_vtpm_getinfo(libxl_ctx vtpminfo->devid = vtpm->devid; vtpmpath = GCSPRINTF("%s/device/vtpm/%d", dompath, vtpminfo->devid); + libxl_path = GCSPRINTF("%s/device/vtpm/%d", + libxl__xs_libxl_path(gc, domid), vtpminfo->devid); vtpminfo->backend = xs_read(ctx->xsh, XBT_NULL, - GCSPRINTF("%s/backend", vtpmpath), NULL); + GCSPRINTF("%s/backend", libxl_path), NULL); if (!vtpminfo->backend) { goto err; } @@ -2247,9 +2249,9 @@ int libxl_device_vtpm_getinfo(libxl_ctx goto err; } - val = libxl__xs_read(gc, XBT_NULL, - GCSPRINTF("%s/backend-id", vtpmpath)); - vtpminfo->backend_id = val ? strtoul(val, NULL, 10) : -1; + rc = libxl__backendpath_parse_domid(gc, vtpminfo->backend, + &vtpminfo->backend_id); + if (rc) goto exit; val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", vtpmpath));
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor