Re: [libvirt PATCH 09/11] virdevmapper: fix stat comparison in virDMSanitizepath
On Mon, Nov 16, 2020 at 16:38:56 +0100, Pavel Hrdina wrote:
Introduced by commit
<22494556542c676d1b9e7f1c1f2ea13ac17e1e3e>.
This is a real bug and the commit message neglects to mention what the
implications are.
This basically returns the first entry of /dev/mapper/ if the previous
conditions don't match. That seems serious.
Especially since the original commit fixes a CVE!
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/util/virdevmapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index 6c39a2a44d..c4719d0670 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -204,7 +204,7 @@ virDMSanitizepath(const char *path)
g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s",
ent->d_name);
if (stat(tmp, &sb[1]) == 0 &&
- sb[0].st_rdev == sb[0].st_rdev) {
+ sb[0].st_rdev == sb[1].st_rdev) {
return g_steal_pointer(&tmp);
If you improve the commit message:
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>