Disallow backing files when uploading volumes to image

Volumes with a header referencing a backing file can leak file data into the destination image when uploading a volume to an image. Halt the upload process if the volume data references a backing file to prevent this. Closes-Bug: #1415087 Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78 (cherry picked from commit 9634b76ba5) Conflicts: cinder/tests/test_image_utils.py (backport to old tests) (cherry picked from commit d31c937c56) Conflicts: cinder/tests/test_image_utils.py
2015-03-31 19:48:17 -04:00 · 2015-03-31 19:48:17 -04:00 · bc0549e08b
parent 5d0ca5c222
commit bc0549e08b
2 changed files with 22 additions and 0 deletions
--- a/cinder/image/image_utils.py
+++ b/cinder/image/image_utils.py
@ -251,6 +251,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
    with fileutils.remove_path_on_error(tmp):
        LOG.debug("%s was %s, converting to %s" %
                  (image_id, volume_format, image_meta['disk_format']))
+
+        data = qemu_img_info(volume_path)
+        backing_file = data.backing_file
+        fmt = data.file_format
+        if backing_file is not None:
+            # Disallow backing files as a security measure.
+            # This prevents a user from writing an image header into a raw
+            # volume with a backing file pointing to data they wish to
+            # access.
+            raise exception.ImageUnacceptable(
+                image_id=image_id,
+                reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
+                % {'fmt': fmt, 'backing_file': backing_file})
+
        convert_image(volume_path, tmp, image_meta['disk_format'])

        data = qemu_img_info(tmp)
--- a/cinder/tests/test_image_utils.py
+++ b/cinder/tests/test_image_utils.py
@ -396,6 +396,10 @@ class TestUtils(test.TestCase):
        m = self._mox
        m.StubOutWithMock(utils, 'execute')

+        utils.execute(
+            'env', 'LC_ALL=C', 'qemu-img', 'info',
+            mox.IgnoreArg(), run_as_root=True).AndReturn(
+                (TEST_RET, 'ignored'))
        utils.execute('qemu-img', 'convert', '-O', 'qcow2',
                      mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
        utils.execute(
@ -434,6 +438,10 @@ class TestUtils(test.TestCase):
        m = self._mox
        m.StubOutWithMock(utils, 'execute')

+        utils.execute(
+            'env', 'LC_ALL=C', 'qemu-img', 'info',
+            mox.IgnoreArg(), run_as_root=True).AndReturn(
+                (TEST_RET, 'ignored'))
        utils.execute('qemu-img', 'convert', '-O', 'qcow2',
                      mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
        utils.execute(