File xsa175-0009-libxl-Do-not-trust-frontend-for-nic-in-libxl_devid_t.patch of Package xen.7673
References: bsc#979620 CVE-2016-4962 XSA-175
From 3e1e9ff62717f4c9b231e82a299e960bd4da4506 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 3 May 2016 15:52:53 +0100
Subject: [PATCH 09/12] libxl: Do not trust frontend for nic in
libxl_devid_to_device_nic
Find the backend by reading the pointer in /libxl rather than in the
guest's frontend area.
This is part of XSA-175.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
tools/libxl/libxl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Index: xen-4.4.4-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.4.4-testing.orig/tools/libxl/libxl.c
+++ xen-4.4.4-testing/tools/libxl/libxl.c
@@ -3077,17 +3077,17 @@ int libxl_devid_to_device_nic(libxl_ctx
int devid, libxl_device_nic *nic)
{
GC_INIT(ctx);
- char *dompath, *path;
+ char *libxl_dom_path, *path;
int rc = ERROR_FAIL;
libxl_device_nic_init(nic);
- dompath = libxl__xs_get_dompath(gc, domid);
- if (!dompath)
+ libxl_dom_path = libxl__xs_libxl_path(gc, domid);
+ if (!libxl_dom_path)
goto out;
path = libxl__xs_read(gc, XBT_NULL,
- libxl__sprintf(gc, "%s/device/vif/%d/backend",
- dompath, devid));
+ GCSPRINTF("%s/device/vif/%d/backend", libxl_dom_path,
+ devid));
if (!path)
goto out;
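Review bot: the rewritten lookup in libxl_devid_to_device_nic has no comment saying why the key is built from `libxl__xs_libxl_path(gc, domid)` instead of the domain path. That reasoning lives only in the commit message. A one-line comment above `libxl_dom_path = libxl__xs_libxl_path(gc, domid);` should say that the backend pointer must come from /libxl because the guest's frontend area is not trusted, so that a later cleanup does not switch the call back to `libxl__xs_get_dompath`. Separately, both `goto out` paths leave rc at ERROR_FAIL without logging anything, so a caller cannot tell a failed path lookup from a missing `device/vif/%d/backend` entry under /libxl. Consider logging the key that could not be read before the second `goto out`.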