c9c0b1b4b5
When doing a live snapshot, the libvirt driver creates an intermediate
qcow2 file with the same backing file as the original disk. However,
it calls qemu-img info without specifying the input format explicitly.
An authenticated user can write data to a raw disk which will cause
this code to misinterpret the disk as a qcow2 file with a
user-specified backing file on the host, and return an arbitrary host
file as the backing file.
This bug does not appear to result in a data leak in this case, but
this is hard to verify. It certainly results in corrupt output.
Closes-Bug: #1524274
(cherry picked from commit
|
||
---|---|---|
.. | ||
disk | ||
hyperv | ||
image | ||
ironic | ||
libvirt | ||
vmwareapi | ||
xenapi | ||
__init__.py | ||
test_block_device.py | ||
test_configdrive.py | ||
test_diagnostics.py | ||
test_driver.py | ||
test_events.py | ||
test_fake.py | ||
test_hardware.py | ||
test_imagecache.py | ||
test_images.py | ||
test_virt.py | ||
test_virt_drivers.py | ||
test_volumeutils.py |