From 99e00695f1ab24e122e83087162a84b2bf2b81e2 Mon Sep 17 00:00:00 2001
Message-Id: <99e00695f1ab24e122e83087162a84b2bf2b81e2@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 8 Mar 2021 12:57:35 +0100
Subject: [PATCH] virdevmapper: fix stat comparison in virDMSanitizepath
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Introduced by commit <22494556542c676d1b9e7f1c1f2ea13ac17e1e3e> which
fixed a CVE.

If the @path passed to virDMSanitizepath() is not a DM name or not a
path to a DM name, this function could return an incorrect sanitized path as
it would always be the first device under /dev/mapper/.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit f711fa9ad09f68ea7f0bcaf999fab9c06dc6a93e)

Conflicts:
- src/util/virdevmapper.c: Context, the downstream has
  VIR_STEAL_PTR() while the cherry picked commit uses
  g_steal_pointer() already.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1933557

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Message-Id: <a09ac0ef47d828fe4fd2683f6fbc94fbc76a5944.1615203117.git.mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/util/virdevmapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index a04d9650a6..4994b4caef 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -219,7 +219,7 @@ virDMSanitizepath(const char *path)
return NULL;
if (stat(tmp, &sb[1]) == 0 &&
- sb[0].st_rdev == sb[0].st_rdev) {
+ sb[0].st_rdev == sb[1].st_rdev) {
VIR_STEAL_PTR(ret, tmp);
break;
}
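Review bot: The corrected condition `sb[0].st_rdev == sb[1].st_rdev` still tells the caller's path apart from the /dev/mapper entry only by an array index, which is what let the self-comparison through in the first place. Two named `struct stat` variables (one for @path, one for `tmp`) would make a swapped or repeated operand obvious in review, and the old form is the kind of tautology a compiler warning for self-comparison can catch. The diffstat shows one changed file and no test: since the regression came in with a CVE fix, a case where @path is neither a DM name nor a path to one, asserting that the first device under /dev/mapper/ is not returned, would keep this from recurring.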
--
2.31.0