Disallow backing files when uploading volumes to image

Volumes with a header referencing a backing file can leak file data into the destination image when uploading a volume to an image. Halt the upload process if the volume data references a backing file to prevent this. Closes-Bug: #1415087 Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78 (cherry picked from commit 9634b76ba5) Conflicts: cinder/tests/test_image_utils.py (backport to old tests)
2015-03-31 19:48:17 -04:00 · 2015-03-31 19:48:17 -04:00 · d31c937c56
parent 95b3ad8ed8
commit d31c937c56
2 changed files with 27 additions and 0 deletions
--- a/cinder/image/image_utils.py
+++ b/cinder/image/image_utils.py
@ -312,6 +312,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
    with fileutils.remove_path_on_error(tmp):
        LOG.debug("%s was %s, converting to %s" %
                  (image_id, volume_format, image_meta['disk_format']))
+
+        data = qemu_img_info(volume_path)
+        backing_file = data.backing_file
+        fmt = data.file_format
+        if backing_file is not None:
+            # Disallow backing files as a security measure.
+            # This prevents a user from writing an image header into a raw
+            # volume with a backing file pointing to data they wish to
+            # access.
+            raise exception.ImageUnacceptable(
+                image_id=image_id,
+                reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
+                % {'fmt': fmt, 'backing_file': backing_file})
+
        convert_image(volume_path, tmp, image_meta['disk_format'],
                      bps_limit=CONF.volume_copy_bps_limit)

--- a/cinder/tests/test_image_utils.py
+++ b/cinder/tests/test_image_utils.py
@ -462,6 +462,10 @@ class TestUtils(test.TestCase):
        volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
                                        bps_limit).AndReturn(prefix)

+        utils.execute(
+            'env', 'LC_ALL=C', 'qemu-img', 'info',
+            mox.IgnoreArg(), run_as_root=True).AndReturn(
+                (TEST_RET, 'ignored'))
        utils.execute(*cmd, run_as_root=True)
        utils.execute(
            'env', 'LC_ALL=C', 'qemu-img', 'info',
@ -497,6 +501,11 @@ class TestUtils(test.TestCase):

        volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
                                        bps_limit).AndReturn(prefix)
+
+        utils.execute(
+            'env', 'LC_ALL=C', 'qemu-img', 'info',
+            mox.IgnoreArg(), run_as_root=True).AndReturn(
+                (TEST_RET, 'ignored'))
        utils.execute(*cmd, run_as_root=True)
        utils.execute(
            'env', 'LC_ALL=C', 'qemu-img', 'info',
@ -534,6 +543,10 @@ class TestUtils(test.TestCase):
        m.StubOutWithMock(utils, 'execute')
        m.StubOutWithMock(volume_utils, 'check_for_odirect_support')

+        utils.execute(
+            'env', 'LC_ALL=C', 'qemu-img', 'info',
+            mox.IgnoreArg(), run_as_root=True).AndReturn(
+                (TEST_RET, 'ignored'))
        utils.execute('qemu-img', 'convert', '-O', 'qcow2',
                      mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
        utils.execute(