File xsa178-0015-libxl-Do-not-trust-backend-for-nic-in-devid_to_devic.patch of Package xen.8005

References: bsc#979670 CVE-2016-4963 XSA-178

From df1c2b3e2b3412c851a7ecaa056d1653d2f9f650 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 4 May 2016 16:20:05 +0100
Subject: [PATCH 15/21] libxl: Do not trust backend for nic in devid_to_device

libxl_devid_to_device_nic should read the information it needs from
the /libxl/device path, not the backend.

This is part of XSA-178.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

Index: xen-4.4.4-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.4.4-testing.orig/tools/libxl/libxl.c
+++ xen-4.4.4-testing/tools/libxl/libxl.c
@@ -3082,7 +3082,7 @@ int libxl_devid_to_device_nic(libxl_ctx
                               int devid, libxl_device_nic *nic)
 {
     GC_INIT(ctx);
-    char *libxl_dom_path, *path;
+    char *libxl_dom_path, *libxl_path;
     int rc = ERROR_FAIL;
 
     libxl_device_nic_init(nic);
@@ -3090,13 +3090,9 @@ int libxl_devid_to_device_nic(libxl_ctx
     if (!libxl_dom_path)
         goto out;
 
-    path = libxl__xs_read(gc, XBT_NULL,
-                          GCSPRINTF("%s/device/vif/%d/backend", libxl_dom_path,
-                                    devid));
-    if (!path)
-        goto out;
+    libxl_path = GCSPRINTF("%s/device/vif/%d", libxl_dom_path, devid);
 
-    rc = libxl__device_nic_from_xenstore(gc, path, nic);
+    rc = libxl__device_nic_from_xenstore(gc, libxl_path, nic);
     if (rc) goto out;
 
     rc = 0;