1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00

virdevmapper: fix stat comparison in virDMSanitizepath

Introduced by commit <22494556542c676d1b9e7f1c1f2ea13ac17e1e3e> which
fixed a CVE.

If the @path passed to virDMSanitizepath() is not a DM name or not a
path to DM name this function could return incorrect sanitized path as
it would always be the first device under /dev/mapper/.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Pavel Hrdina 2020-11-13 10:45:30 +01:00
parent caaf792eed
commit f711fa9ad0

View File

@ -204,7 +204,7 @@ virDMSanitizepath(const char *path)
g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name); g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name);
if (stat(tmp, &sb[1]) == 0 && if (stat(tmp, &sb[1]) == 0 &&
sb[0].st_rdev == sb[0].st_rdev) { sb[0].st_rdev == sb[1].st_rdev) {
return g_steal_pointer(&tmp); return g_steal_pointer(&tmp);
} }
} }