[pve-devel] [PATCH qemu-server v5 20/32] backup restore: external: hardening check for untrusted source image
Fiona Ebner
f.ebner at proxmox.com
Fri Mar 21 14:48:40 CET 2025
Suggested-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
Changes in v5:
* adapt to changed file_size_info() signature
PVE/QemuServer.pm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index cb8447c9..fcec60b2 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -7257,6 +7257,12 @@ sub restore_external_archive {
$backup_provider->restore_vm_volume_init($volname, $storeid, $d->{devname}, {});
my $source_path = $info->{'qemu-img-path'}
or die "did not get source image path from backup provider\n";
+
+ print "importing drive '$d->{devname}' from '$source_path'\n";
+
+ # safety check for untrusted source image
+ PVE::Storage::file_size_info($source_path, undef, 'auto-detect', 1);
+
eval {
qemu_img_convert(
$source_path, $d->{volid}, $d->{size}, undef, 0, $options->{bwlimit});
--
2.39.5
More information about the pve-devel
mailing list