commit b974c6d1d5753f333d1d71f8190ddf3b4f8fbbf1
Author: Matthew Booth <email address hidden>
Date: Fri Dec 11 13:40:54 2015 +0000
Fix backing file detection in libvirt live snapshot
When doing a live snapshot, the libvirt driver creates an intermediate
qcow2 file with the same backing file as the original disk. However,
it calls qemu-img info without specifying the input format explicitly.
An authenticated user can write data to a raw disk which will cause
this code to misinterpret the disk as a qcow2 file with a
user-specified backing file on the host, and return an arbitrary host
file as the backing file.
This bug does not appear to result in a data leak in this case, but
this is hard to verify. It certainly results in corrupt output.
Reviewed: https:/ /review. openstack. org/264821 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=b974c6d1d57 53f333d1d71f819 0ddf3b4f8fbbf1
Committed: https:/
Submitter: Jenkins
Branch: stable/kilo
commit b974c6d1d5753f3 33d1d71f8190ddf 3b4f8fbbf1
Author: Matthew Booth <email address hidden>
Date: Fri Dec 11 13:40:54 2015 +0000
Fix backing file detection in libvirt live snapshot
When doing a live snapshot, the libvirt driver creates an intermediate
qcow2 file with the same backing file as the original disk. However,
it calls qemu-img info without specifying the input format explicitly.
An authenticated user can write data to a raw disk which will cause
this code to misinterpret the disk as a qcow2 file with a
user-specified backing file on the host, and return an arbitrary host
file as the backing file.
This bug does not appear to result in a data leak in this case, but
this is hard to verify. It certainly results in corrupt output.
Closes-Bug: #1524274
Change-Id: I11485f077d28f4 e97529a691e55e3 e3c0bea8872