From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 3 May 2016 14:52:53 +0000 (+0100)
Subject: libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=2c74b8dd4c5d6982eee1fd852f9aa10ec1b24545;p=xen.git

libxl: Do not trust frontend for nic in libxl_devid_to_device_nic

Find the backend by reading the pointer in /libxl rather than in the
guest's frontend area.

This is part of XSA-175.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 6f8fb08393..4daf294f00 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3034,17 +3034,17 @@ int libxl_devid_to_device_nic(libxl_ctx *ctx, uint32_t domid,
                               int devid, libxl_device_nic *nic)
 {
     GC_INIT(ctx);
-    char *dompath, *path;
+    char *libxl_dom_path, *path;
     int rc = ERROR_FAIL;
 
     libxl_device_nic_init(nic);
-    dompath = libxl__xs_get_dompath(gc, domid);
-    if (!dompath)
+    libxl_dom_path = libxl__xs_libxl_path(gc, domid);
+    if (!libxl_dom_path)
         goto out;
 
     path = libxl__xs_read(gc, XBT_NULL,
-                          libxl__sprintf(gc, "%s/device/vif/%d/backend",
-                                         dompath, devid));
+                          GCSPRINTF("%s/device/vif/%d/backend", libxl_dom_path,
+                                    devid));
     if (!path)
         goto out;