Comment 34 for bug 1415087
Revision history for this message
| Bastian Blank (waldi) wrote Re: [Bug 1415087] Re: Format-guessing and file disclosure in image convert | #34 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
On Tue, Mar 31, 2015 at 02:45:58PM -0000, Duncan Thomas wrote:
> Can we user the same trick Eric used fixing the related CVE, and analyse
> the apparent structure of any qcow2 file provided to see if it is backed
> by something it shouldn't be?
Not sure which trick you mean. But the only way to properly fix this is
to actually supply the input format, as only the storage layer knows.
If you resort to guessing, this will get you a nice way to hide
information, including unusable backups.
Bastian
--
The sight of death frightens them [Earthers].
-- Kras the Klingon, "Friday's Child", stardate 3497.2