File xsa178-0004-libxl-Do-not-trust-backend-for-vtpm-in-getinfo-uuid.patch of Package xen.4507

References: bsc#979670 CVE-2016-4963 XSA-178

From 4831002680a39e327a105402f0162e3d57c9d86f Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Fri, 29 Apr 2016 16:57:14 +0100
Subject: [PATCH 04/21] libxl: Do not trust backend for vtpm in getinfo (uuid)

Use uuid from /libxl, rather than from backend.  I think the backend
is not supposed to change the uuid, since it seems to be set by libxl
during setup.

If in fact the backend is supposed to be able to change the uuid, this
patch needs to be dropped and replaced by a patch which makes the vtpm
uuid lookup tolerate bad or missing data.

This is part of XSA-178.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: xen-4.4.4-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.4.4-testing.orig/tools/libxl/libxl.c
+++ xen-4.4.4-testing/tools/libxl/libxl.c
@@ -1917,7 +1917,7 @@ libxl_device_vtpm *libxl_device_vtpm_lis
                                               &vtpm->backend_domid);
           if (rc) return NULL;
 
-          tmp = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/uuid", be_path));
+          tmp = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/uuid", libxl_path));
           if (tmp) {
               if(libxl_uuid_from_string(&(vtpm->uuid), tmp)) {
                   LOG(ERROR, "%s/uuid is a malformed uuid?? (%s) Probably a bug!!\n", be_path, tmp);
@@ -1983,7 +1983,7 @@ int libxl_device_vtpm_getinfo(libxl_ctx
     vtpminfo->frontend_id = val ? strtoul(val, NULL, 10) : -1;
 
     val = libxl__xs_read(gc, XBT_NULL,
-          GCSPRINTF("%s/uuid", vtpminfo->backend));
+          GCSPRINTF("%s/uuid", libxl_path));
     if(val == NULL) {
        LOG(ERROR, "%s/uuid does not exist!\n", vtpminfo->backend);
        goto err;