Disallow backing files when uploading volumes to image
Volumes with a header referencing a backing file can leak
file data into the destination image when uploading a
volume to an image.
Halt the upload process if the volume data references a
backing file to prevent this.
Closes-Bug: #1415087
Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78
(cherry picked from commit 9634b76ba5
)
Conflicts:
cinder/tests/test_image_utils.py (backport to old tests)
This commit is contained in:
parent
95b3ad8ed8
commit
d31c937c56
|
@ -312,6 +312,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
|
|||
with fileutils.remove_path_on_error(tmp):
|
||||
LOG.debug("%s was %s, converting to %s" %
|
||||
(image_id, volume_format, image_meta['disk_format']))
|
||||
|
||||
data = qemu_img_info(volume_path)
|
||||
backing_file = data.backing_file
|
||||
fmt = data.file_format
|
||||
if backing_file is not None:
|
||||
# Disallow backing files as a security measure.
|
||||
# This prevents a user from writing an image header into a raw
|
||||
# volume with a backing file pointing to data they wish to
|
||||
# access.
|
||||
raise exception.ImageUnacceptable(
|
||||
image_id=image_id,
|
||||
reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
|
||||
% {'fmt': fmt, 'backing_file': backing_file})
|
||||
|
||||
convert_image(volume_path, tmp, image_meta['disk_format'],
|
||||
bps_limit=CONF.volume_copy_bps_limit)
|
||||
|
||||
|
|
|
@ -462,6 +462,10 @@ class TestUtils(test.TestCase):
|
|||
volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
|
||||
bps_limit).AndReturn(prefix)
|
||||
|
||||
utils.execute(
|
||||
'env', 'LC_ALL=C', 'qemu-img', 'info',
|
||||
mox.IgnoreArg(), run_as_root=True).AndReturn(
|
||||
(TEST_RET, 'ignored'))
|
||||
utils.execute(*cmd, run_as_root=True)
|
||||
utils.execute(
|
||||
'env', 'LC_ALL=C', 'qemu-img', 'info',
|
||||
|
@ -497,6 +501,11 @@ class TestUtils(test.TestCase):
|
|||
|
||||
volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
|
||||
bps_limit).AndReturn(prefix)
|
||||
|
||||
utils.execute(
|
||||
'env', 'LC_ALL=C', 'qemu-img', 'info',
|
||||
mox.IgnoreArg(), run_as_root=True).AndReturn(
|
||||
(TEST_RET, 'ignored'))
|
||||
utils.execute(*cmd, run_as_root=True)
|
||||
utils.execute(
|
||||
'env', 'LC_ALL=C', 'qemu-img', 'info',
|
||||
|
@ -534,6 +543,10 @@ class TestUtils(test.TestCase):
|
|||
m.StubOutWithMock(utils, 'execute')
|
||||
m.StubOutWithMock(volume_utils, 'check_for_odirect_support')
|
||||
|
||||
utils.execute(
|
||||
'env', 'LC_ALL=C', 'qemu-img', 'info',
|
||||
mox.IgnoreArg(), run_as_root=True).AndReturn(
|
||||
(TEST_RET, 'ignored'))
|
||||
utils.execute('qemu-img', 'convert', '-O', 'qcow2',
|
||||
mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
|
||||
utils.execute(
|
||||
|
|
Loading…
Reference in New Issue