c9c0b1b4b5
When doing a live snapshot, the libvirt driver creates an intermediate
qcow2 file with the same backing file as the original disk. However,
it calls qemu-img info without specifying the input format explicitly.
An authenticated user can write data to a raw disk which will cause
this code to misinterpret the disk as a qcow2 file with a
user-specified backing file on the host, and return an arbitrary host
file as the backing file.
This bug does not appear to result in a data leak in this case, but
this is hard to verify. It certainly results in corrupt output.
Closes-Bug: #1524274
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| disk | ||
| hyperv | ||
| image | ||
| ironic | ||
| libvirt | ||
| vmwareapi | ||
| xenapi | ||
| __init__.py | ||
| test_block_device.py | ||
| test_configdrive.py | ||
| test_diagnostics.py | ||
| test_driver.py | ||
| test_events.py | ||
| test_fake.py | ||
| test_hardware.py | ||
| test_imagecache.py | ||
| test_images.py | ||
| test_virt.py | ||
| test_virt_drivers.py | ||
| test_volumeutils.py | ||