[pve-devel] [PATCH qemu-server v4 18/27] backup restore: external: hardening check for untrusted source image
Fiona Ebner
f.ebner at proxmox.com
Thu Nov 14 16:07:45 CET 2024
Suggested-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
No changes in v4.
NOTE: actual checking being done depends on Fabian's hardening patches:
https://lore.proxmox.com/pve-devel/20241104104221.228730-1-f.gruenbichler@proxmox.com/
PVE/QemuServer.pm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 8beb8940..3f0e06a7 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -7388,6 +7388,12 @@ sub restore_external_archive {
$backup_provider->restore_vm_volume_init($volname, $storeid, $d->{devname}, {});
my $source_path = $info->{'qemu-img-path'}
or die "did not get source image path from backup provider\n";
+
+ print "importing drive '$d->{devname}' from '$source_path'\n";
+
+ # safety check for untrusted source image
+ PVE::Storage::file_size_info($source_path, undef, 1);
+
eval {
qemu_img_convert(
$source_path, $d->{volid}, $d->{size}, undef, 0, $options->{bwlimit});
--
2.39.5
More information about the pve-devel
mailing list