File xsa178-0019-libxl-Cleanup-Have-libxl__alloc_vdev-use-libxl.patch of Package xen.7673
References: bsc#979670 CVE-2016-4963 XSA-178
From 0f73dcd781ea623e671de776acfcf2cf0cd73972 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 3 May 2016 15:25:19 +0100
Subject: [PATCH 19/21] libxl: Cleanup: Have libxl__alloc_vdev use /libxl
When allocating a vdev for a new disk, look in /libxl/device, rather
than the frontends directory in xenstore.
This is more in line with the other parts of libxl, which ought not to
trust frontends. In this case, though, there is no security bug prior
to this patch because the frontend is the toolstack domain itself.
If libxl__alloc_vdev were ever changed to take a frontend domain
argument, this patch will fix a latent security bug.
This is a followup to XSA-175.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
tools/libxl/libxl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: xen-4.4.4-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.4.4-testing.orig/tools/libxl/libxl.c
+++ xen-4.4.4-testing/tools/libxl/libxl.c
@@ -2627,7 +2627,7 @@ static char * libxl__alloc_vdev(libxl__g
{
const char *blkdev_start = (const char *) get_vdev_user;
int devid = 0, disk = 0, part = 0;
- char *dompath = libxl__xs_get_dompath(gc, LIBXL_TOOLSTACK_DOMID);
+ char *libxl_dom_path = libxl__xs_libxl_path(gc, LIBXL_TOOLSTACK_DOMID);
libxl__device_disk_dev_number(blkdev_start, &disk, &part);
if (part != 0) {
@@ -2642,7 +2642,7 @@ static char * libxl__alloc_vdev(libxl__g
return NULL;
if (libxl__xs_read(gc, t,
libxl__sprintf(gc, "%s/device/vbd/%d/backend",
- dompath, devid)) == NULL) {
+ libxl_dom_path, devid)) == NULL) {
if (errno == ENOENT)
return libxl__devid_to_localdev(gc, devid);
else
