[pve-devel] [PATCH storage 1/1] file_size_info: implement untrusted mode
Fiona Ebner
f.ebner at proxmox.com
Tue Sep 10 13:33:43 CEST 2024
On 09.08.24 at 13:22, Fabian Grünbichler wrote:
> this allows checking some extra attributes for images which come from a
> potentially malicious source.
>
> since file_size_info is not part of the plugin API, no API bump is needed. if
> desired, a similar check could also be implemented in volume_size_info, which
> would entail bumping both APIVER and APIAGE (since the additional parameter
> would make checking untrusted volumes opt-in for external plugins).
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner at proxmox.com>
> @@ -977,12 +987,27 @@ sub file_size_info {
>
There's a new early return now because of commit 851cc07 ("base plugin:
do not decode the empty string") where we should also die if $untrusted.
Although it is very unlikely that we'll reach that since you do not set
a timeout at the call sites with $untrusted set.
> my $info = eval { decode_json($json) };
> if (my $err = $@) {
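Review bot: the `if (my $err = $@) {` branch after `eval { decode_json($json) }` needs an explicit `$untrusted` case. The body of that branch is not visible in the quoted context, but if it only warns and returns empty values, a caller checking an untrusted image cannot tell a failed parse from a result with nothing suspicious in it. Suggest dying there when `$untrusted` is set, in line with the early return raised in the reply above.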