File xsa178-0013-libxl-Have-READ_LIBXLDEV-use-libxl_path-rather-than-.patch of Package xen.4507
References: bsc#979670 CVE-2016-4963 XSA-178
From 8e37e743331110b4fec5928689d74dceda5eb608 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 3 May 2016 15:40:18 +0100
Subject: [PATCH 13/21] libxl: Have READ_LIBXLDEV use libxl_path rather than
be_path
Fix the just-introduced bug in this macro: now it reads the
trustworthy libxl_path. Change the variable name in the two functions
(nic and channel) which use it.
Shuffling the bump in the carpet along, we now introduce three new
bugs: the three call sites pass a backend path where a frontend path
is expected.
No functional change.
This is part of XSA-178.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
tools/libxl/libxl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Index: xen-4.4.4-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.4.4-testing.orig/tools/libxl/libxl.c
+++ xen-4.4.4-testing/tools/libxl/libxl.c
@@ -3039,10 +3039,10 @@ static int libxl__device_nic_from_xs_be(
libxl_device_nic_init(nic);
-/* Utility to read /libxl or backend xenstore keys, from be_path */
+/* Utility to read /libxl xenstore keys, from libxl_path */
#define READ_LIBXLDEV(tgc, subpath) ({ \
rc = libxl__xs_read_checked(tgc, XBT_NULL, \
- GCSPRINTF("%s/" subpath, be_path), \
+ GCSPRINTF("%s/" subpath, libxl_path), \
&tmp); \
if (rc) goto out; \
(char*)tmp; \