possible null dereference when parsing vif ratelimiting info

ISSUE DESCRIPTION

The libxlu library function xlu_vif_parse_rate does not properly handle inputs which consist solely of the ‘@’ character, leading to a NULL pointer dereference.

IMPACT

A toolstack which allows untrusted users to specify an arbitrary configuration for the VIF rate can be subjected to a DOS.
The only known user of this library is the xl toolstack which does not have a central long running daemon and therefore the impact is limited to crashing the process which is creating the domain, which exists only to service a single domain.

VULNERABLE SYSTEMS

The vulnerable code is present from Xen 4.2 onwards.