author | Eric Harney <eharney@redhat.com> | 2015-03-31 19:48:17 -0400 |
---|---|---|
committer | Eric Harney <eharney@redhat.com> | 2015-06-15 15:03:03 -0400 |
commit | bc0549e08b010edb863d409d80114aa78d317a61 (patch) | |
tree | 6e67ab93f49cc7b67a864193e0a03cc7bd247e37 | |
parent | 5d0ca5c2226dd42d6c45ba3530fc6b984ccee80d (diff) | |
Disallow backing files when uploading volumes to image (icehouse-eol, 2014.1.5, stable/icehouse)
Volumes with a header referencing a backing file can leak
file data into the destination image when uploading a
volume to an image.
Halt the upload process if the volume data references a
backing file to prevent this.
Closes-Bug: #1415087
Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78
(cherry picked from commit 9634b76ba5886d6c2f2128d550cb005dabf48213)
Conflicts:
cinder/tests/test_image_utils.py (backport to old tests)
(cherry picked from commit d31c937c566005dedf41a60c6b5bd5e7b26f221b)
Conflicts:
cinder/tests/test_image_utils.py
-rw-r--r-- | cinder/image/image_utils.py | 14 | ||||
-rw-r--r-- | cinder/tests/test_image_utils.py | 8 |
2 files changed, 22 insertions, 0 deletions
diff --git a/cinder/image/image_utils.py b/cinder/image/image_utils.py
index 883f73635..43a831510 100644
--- a/cinder/image/image_utils.py
+++ b/cinder/image/image_utils.py
@@ -251,6 +251,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
 with fileutils.remove_path_on_error(tmp):
 LOG.debug("%s was %s, converting to %s" % (image_id, volume_format, image_meta['disk_format']))
+
+ data = qemu_img_info(volume_path)
+ backing_file = data.backing_file
+ fmt = data.file_format
+ if backing_file is not None:
+ # Disallow backing files as a security measure.
+ # This prevents a user from writing an image header into a raw
+ # volume with a backing file pointing to data they wish to
+ # access.
+ raise exception.ImageUnacceptable(
+ image_id=image_id,
+ reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
+ % {'fmt': fmt, 'backing_file': backing_file})
+
 convert_image(volume_path, tmp, image_meta['disk_format'])
 data = qemu_img_info(tmp)
diff --git a/cinder/tests/test_image_utils.py b/cinder/tests/test_image_utils.py
index 03c4dcb40..d98e0f33b 100644
--- a/cinder/tests/test_image_utils.py
+++ b/cinder/tests/test_image_utils.py
@@ -396,6 +396,10 @@ class TestUtils(test.TestCase):
 m = self._mox
 m.StubOutWithMock(utils, 'execute')
+ utils.execute(
+ 'env', 'LC_ALL=C', 'qemu-img', 'info',
+ mox.IgnoreArg(), run_as_root=True).AndReturn(
+ (TEST_RET, 'ignored'))
 utils.execute('qemu-img', 'convert', '-O', 'qcow2', mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
 utils.execute(
@@ -434,6 +438,10 @@ class TestUtils(test.TestCase):
 m = self._mox
 m.StubOutWithMock(utils, 'execute')
+ utils.execute(
+ 'env', 'LC_ALL=C', 'qemu-img', 'info',
+ mox.IgnoreArg(), run_as_root=True).AndReturn(
+ (TEST_RET, 'ignored'))
 utils.execute('qemu-img', 'convert', '-O', 'qcow2', mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
 utils.execute( |
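Review bot: The backing-file guard added before `convert_image(volume_path, tmp, image_meta['disk_format'])` is a probe-then-use check. `qemu_img_info(volume_path)` inspects the header, and the conversion then appears to detect the format again, since the `qemu-img convert -O qcow2` calls stubbed in the tests carry no source-format argument. That leaves a window between the check and the conversion, and it covers only the `backing_file` field of whatever format was detected. A sturdier design has `convert_image` pass the already-known `volume_format` as the input format (qemu-img's `-f`), so a header written inside a raw volume is never interpreted. Until that is done, a comment such as `# NOTE: convert_image re-detects the source format; this check must stay immediately before it` would record the dependency. `upload_volume` begins and continues outside this hunk, so how other paths through the function handle the volume cannot be judged from here.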
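Review bot: Neither test hunk (at `-396` and `-434`) exercises the new rejection branch; both only add the expected `qemu-img info` call to existing upload tests that then proceed to `qemu-img convert`. A test whose stubbed `qemu-img info` output reports a backing file should assert that `upload_volume` raises `exception.ImageUnacceptable` and that no `qemu-img convert` call is recorded. That would pin the security behaviour this commit is about. The test methods start and end outside these hunks and the contents of `TEST_RET` are not shown, so this assumes it describes an image without a backing file.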