[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.3] libxl: Do not trust frontend for nic in getinfo



commit 5811d6bdf5bb6e80db7acaf8bab196f9476f5164
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Tue May 3 16:31:07 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 17:06:44 2016 +0100

    libxl: Do not trust frontend for nic in getinfo
    
    libxl_device_nic_getinfo needs to examine devices without trusting
    frontend-controlled data.  So:
    
    * Use /libxl to find the backend path.
    * Parse the backend path to find the backend domid, rather than
      reading it from the frontend.
    
    This is part of XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 4daf294..b440099 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3117,22 +3117,27 @@ int libxl_device_nic_getinfo(libxl_ctx *ctx, uint32_t 
domid,
                               libxl_device_nic *nic, libxl_nicinfo *nicinfo)
 {
     GC_INIT(ctx);
-    char *dompath, *nicpath;
+    char *dompath, *nicpath, *libxl_path;
     char *val;
+    int rc;
 
     dompath = libxl__xs_get_dompath(gc, domid);
     nicinfo->devid = nic->devid;
 
-    nicpath = libxl__sprintf(gc, "%s/device/vif/%d", dompath, nicinfo->devid);
+    nicpath = GCSPRINTF("%s/device/vif/%d", dompath, nicinfo->devid);
+    libxl_path = GCSPRINTF("%s/device/vif/%d",
+                           libxl__xs_libxl_path(gc, domid), nicinfo->devid);
     nicinfo->backend = xs_read(ctx->xsh, XBT_NULL,
-                                libxl__sprintf(gc, "%s/backend", nicpath), 
NULL);
+                                GCSPRINTF("%s/backend", libxl_path), NULL);
     if (!nicinfo->backend) {
         GC_FREE;
         return ERROR_FAIL;
     }
-    val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/backend-id", 
nicpath));
-    nicinfo->backend_id = val ? strtoul(val, NULL, 10) : -1;
-    val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/state", 
nicpath));
+    rc = libxl__backendpath_parse_domid(gc, nicinfo->backend,
+                                        &nicinfo->backend_id);
+    if (rc) goto out;
+
+    val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", nicpath));
     nicinfo->state = val ? strtoul(val, NULL, 10) : -1;
     val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/event-channel", 
nicpath));
     nicinfo->evtch = val ? strtoul(val, NULL, 10) : -1;
@@ -3145,8 +3150,10 @@ int libxl_device_nic_getinfo(libxl_ctx *ctx, uint32_t 
domid,
     val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/frontend-id", 
nicinfo->backend));
     nicinfo->frontend_id = val ? strtoul(val, NULL, 10) : -1;
 
+    rc = 0;
+ out:
     GC_FREE;
-    return 0;
+    return rc;
 }
 
 const char *libxl__device_nic_devname(libxl__gc *gc,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.3

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.