[pve-devel] [RFC qemu-server v3 24/34] backup restore: external: hardening check for untrusted source image
Fiona Ebner
f.ebner at proxmox.com
Thu Nov 7 17:51:36 CET 2024
Suggested-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
New in v3.
Actual checking being done depends on Fabian's hardening patches:
https://lore.proxmox.com/pve-devel/20241104104221.228730-1-f.gruenbichler@proxmox.com/
PVE/QemuServer.pm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index f484d048..c2e7b4a5 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -7385,6 +7385,12 @@ sub restore_external_archive {
$backup_provider->restore_vm_volume_init($volname, $storeid, $d->{devname}, {});
my $source_path = $info->{'qemu-img-path'}
or die "did not get source image path from backup provider\n";
+
+ print "importing drive '$d->{devname}' from '$source_path'\n";
+
+ # safety check for untrusted source image
+ PVE::Storage::file_size_info($source_path, undef, 1);
+
eval {
qemu_img_convert(
$source_path, $d->{volid}, $d->{size}, undef, 0, $options->{bwlimit});
--
2.39.5
More information about the pve-devel
mailing list