From f711fa9ad09f68ea7f0bcaf999fab9c06dc6a93e Mon Sep 17 00:00:00 2001
From: Pavel Hrdina
Date: Fri, 13 Nov 2020 10:45:30 +0100
Subject: [PATCH] virdevmapper: fix stat comparison in virDMSanitizepath

Introduced by commit <22494556542c676d1b9e7f1c1f2ea13ac17e1e3e> which fixed a CVE. If the @path passed to virDMSanitizepath() is not a DM name or not a path to DM name this function could return incorrect sanitized path as it would always be the first device under /dev/mapper/.

Signed-off-by: Pavel Hrdina
Reviewed-by: Peter Krempa
---
 src/util/virdevmapper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index 6c39a2a44d..c4719d0670 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -204,7 +204,7 @@ virDMSanitizepath(const char *path)
 g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name);
 if (stat(tmp, &sb[1]) == 0 &&
- sb[0].st_rdev == sb[0].st_rdev) {
+ sb[0].st_rdev == sb[1].st_rdev) {
 return g_steal_pointer(&tmp);
 }
 }
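Review bot: The corrected test `sb[0].st_rdev == sb[1].st_rdev` still decides the match on st_rdev alone, and st_rdev is only meaningful for block and character special files. If nothing outside this hunk confirms that @path and the /dev/mapper entry are block devices, two non-device files would compare equal here (st_rdev is typically 0 for them on Linux) and the first such entry would be returned as the sanitized path; consider `if (stat(tmp, &sb[1]) == 0 && S_ISBLK(sb[1].st_mode) && sb[0].st_rdev == sb[1].st_rdev) {`. The stat of @path into sb[0] and the start of the loop are outside the hunk, so confirm whether a type check already exists there. Since the self-comparison came in with a CVE fix, a unit test that passes a non-DM path and expects no match would guard against a regression.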