[pve-devel] [PATCH v2 qemu-server 1/1] disk import: add additional safeguards for imported image files
Fiona Ebner
f.ebner at proxmox.com
Fri Nov 15 11:15:17 CET 2024
On 04.11.24 11:42 AM, Fabian Grünbichler wrote:
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index 848001b6..ae0c39bf 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -412,18 +412,29 @@ my sub create_disks : prototype($$$$$$$$$$) {
>
> $needs_creation = $live_import;
>
> - if (PVE::Storage::parse_volume_id($source, 1)) { # PVE-managed volume
> + my ($source_storage, $source_volid) = PVE::Storage::parse_volume_id($source, 1);
> +
> + if ($source_storage) { # PVE-managed volume
> if ($live_import && $ds ne 'efidisk0') {
> my $path = PVE::Storage::path($storecfg, $source)
> or die "failed to get a path for '$source'\n";
> $source = $path;
> - ($size, my $source_format) = PVE::Storage::file_size_info($source);
> + # check potentially untrusted image file!
> + ($size, my $source_format) = PVE::Storage::file_size_info($source, undef, 1);
> +
> die "could not get file size of $source\n" if !$size;
> $live_import_mapping->{$ds} = {
> path => $source,
> format => $source_format,
> };
> } else {
> + # check potentially untrusted image file!
> + my $scfg = PVE::Storage::storage_config($storecfg, $source_storage);
> + if ($scfg->{path}) {
> + my $path = PVE::Storage::path($storecfg, $source);
> + PVE::Storage::file_size_info($path, undef, 1);
> + }
> +
> my $dest_info = {
> vmid => $vmid,
> drivename => $ds,
Actually, this breaks disk import from the image of an existing linked
clone (which is trusted):
> root at pve8a1 /mnt/pve/sparschwein/125 # qm set 125 --scsi7 local:0,import-from=dir:101/vm-101-disk-0.qcow2
> update VM 125: -scsi7 local:0,import-from=dir:101/vm-101-disk-0.qcow2
> backing file not allowed for untrusted image '/mnt/pve/dir/images/101/vm-101-disk-0.qcow2'!
More information about the pve-devel
mailing list