On Mon, Nov 16, 2020 at 16:38:56 +0100, Pavel Hrdina wrote:
Introduced by commit <22494556542c676d1b9e7f1c1f2ea13ac17e1e3e>.
This is a real bug and the commit message neglects to mention what the implications are. This basically returns the first entry of /dev/mapper/ if the previous conditions don't match. That seems serious. Especially since the original commit fixes a CVE!
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/util/virdevmapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c index 6c39a2a44d..c4719d0670 100644 --- a/src/util/virdevmapper.c +++ b/src/util/virdevmapper.c @@ -204,7 +204,7 @@ virDMSanitizepath(const char *path) g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name);
if (stat(tmp, &sb[1]) == 0 && - sb[0].st_rdev == sb[0].st_rdev) { + sb[0].st_rdev == sb[1].st_rdev) { return g_steal_pointer(&tmp);
If you improve the commit message: Reviewed-by: Peter Krempa <pkrempa@redhat.com>