[pve-devel] [PATCH qemu-server v5 20/32] backup restore: external: hardening check for untrusted source image

Fiona Ebner f.ebner at proxmox.com
Fri Mar 21 14:48:40 CET 2025


Suggested-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---

Changes in v5:
* adapt to changed file_size_info() signature

 PVE/QemuServer.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index cb8447c9..fcec60b2 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -7257,6 +7257,12 @@ sub restore_external_archive {
 		$backup_provider->restore_vm_volume_init($volname, $storeid, $d->{devname}, {});
 	    my $source_path = $info->{'qemu-img-path'}
 		or die "did not get source image path from backup provider\n";
+
+	    print "importing drive '$d->{devname}' from '$source_path'\n";
+
+	    # safety check for untrusted source image
+	    PVE::Storage::file_size_info($source_path, undef, 'auto-detect', 1);
+
 	    eval {
 		qemu_img_convert(
 		    $source_path, $d->{volid}, $d->{size}, undef, 0, $options->{bwlimit});
-- 
2.39.5





More information about the pve-devel mailing list