File xsa178-0010-libxl-Do-not-trust-backend-for-channel-in-getinfo.patch of Package xen.openSUSE_Leap_42.1_Update

References: bsc#979670 CVE-2016-4963 XSA-178

From b2362b04e2d5fbd1a39019adf9e7e5f85cbdf2e1 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 4 May 2016 15:57:10 +0100
Subject: [PATCH 10/21] libxl: Do not trust backend for channel in getinfo

Do not read the frontend path out of the backend.  We have it in our
hand.  Likewise the guest (frontend) domid was one of our parameters (!)

This is part of XSA-178.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

Index: xen-4.5.3-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.5.3-testing.orig/tools/libxl/libxl.c
+++ xen-4.5.3-testing/tools/libxl/libxl.c
@@ -3990,12 +3990,8 @@ int libxl_device_channel_getinfo(libxl_c
 
     val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", fe_path));
     channelinfo->state = val ? strtoul(val, NULL, 10) : -1;
-    channelinfo->frontend = xs_read(ctx->xsh, XBT_NULL,
-                                    GCSPRINTF("%s/frontend",
-                                    channelinfo->backend), NULL);
-    val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/frontend-id",
-                         channelinfo->backend));
-    channelinfo->frontend_id = val ? strtoul(val, NULL, 10) : -1;
+    channelinfo->frontend = libxl__strdup(NOGC, fe_path);
+    channelinfo->frontend_id = domid;
     val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/ring-ref", fe_path));
     channelinfo->rref = val ? strtoul(val, NULL, 10) : -1;
     val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/port", fe_path));
openSUSE Build Service is sponsored by