commit 4aa6590a483901de64e0d162fff11f3d2d7f9977
Author: Brian Rosmaita <email address hidden>
Date: Wed Jun 26 14:09:30 2024 -0400
CVE-2024-32498: Check for external qcow2 data file
Adds code to image_utils to check for a qcow2 external data
file, a recent feature of qemu which we do not support and
which can be used maliciously.
Advice from the qemu-img community is that it is dangerous
to call qemu-img info on untrusted files, so we copy over
the format_inspector module from Glance. This performs basic
analysis on the image data file so we can detect problematic
images before we call qemu-img info to get all the image
attributes. It is expected that this code will eventually be
added to oslo so it can be consumed by Glance, Cinder, and
Nova.
Because cinder itself may create qcow2 format images with a
backing file in nfs-based backends, the glance format_inspector
has been modified to optionally allow such files. Since we are
monkeying with the format_inspector code, we also copy over
its unit tests to prevent regressions and to add tests for the
changed code.
Includes an additional fix to prevent an issue where a user
could mount a raw volume and write a qcow2 header with a larger
virtual size on it. On reattaching the volume it would have the
new larger virtual size avaialable without actually changing
the size value in cinder. While we cannot prevent this we can
prevent the user from using this volume again, which makes this
exploit pointless.
Co-authored-by: Dan Smith <email address hidden>
Co-authored-by: Felix Huettner <email address hidden>
Change-Id: I65857288b797cde573e7443ac6e7e6f57fedde01
Closes-bug: #2059809
(cherry picked from commit d6a186945e03649343af55b46ed8dfe0dd326e40)
(cherry picked from commit db98dc207060da234c32a563c13cac1edbd62952)
(cherry picked from commit 9e667b02b2c20b4ada18c1a472be152956284d45)
(cherry picked from commit 5f5e86e3542866227b7339713148b5169d069f21)
Reviewed: https:/ /review. opendev. org/c/openstack /cinder/ +/923314 /opendev. org/openstack/ cinder/ commit/ 4aa6590a483901d e64e0d162fff11f 3d2d7f9977
Committed: https:/
Submitter: "Zuul (22348)"
Branch: unmaintained/zed
commit 4aa6590a483901d e64e0d162fff11f 3d2d7f9977
Author: Brian Rosmaita <email address hidden>
Date: Wed Jun 26 14:09:30 2024 -0400
CVE-2024-32498: Check for external qcow2 data file
Adds code to image_utils to check for a qcow2 external data
file, a recent feature of qemu which we do not support and
which can be used maliciously.
Advice from the qemu-img community is that it is dangerous
to call qemu-img info on untrusted files, so we copy over
the format_inspector module from Glance. This performs basic
analysis on the image data file so we can detect problematic
images before we call qemu-img info to get all the image
attributes. It is expected that this code will eventually be
added to oslo so it can be consumed by Glance, Cinder, and
Nova.
Because cinder itself may create qcow2 format images with a
backing file in nfs-based backends, the glance format_inspector
has been modified to optionally allow such files. Since we are
monkeying with the format_inspector code, we also copy over
its unit tests to prevent regressions and to add tests for the
changed code.
Includes an additional fix to prevent an issue where a user
could mount a raw volume and write a qcow2 header with a larger
virtual size on it. On reattaching the volume it would have the
new larger virtual size avaialable without actually changing
the size value in cinder. While we cannot prevent this we can
prevent the user from using this volume again, which makes this
exploit pointless.
Co-authored-by: Dan Smith <email address hidden>
Co-authored-by: Felix Huettner <email address hidden>
Change-Id: I65857288b797cd e573e7443ac6e7e 6f57fedde01 343af55b46ed8df e0dd326e40) 34c32a563c13cac 1edbd62952) ada18c1a472be15 2956284d45) 27b7339713148b5 169d069f21)
Closes-bug: #2059809
(cherry picked from commit d6a186945e03649
(cherry picked from commit db98dc207060da2
(cherry picked from commit 9e667b02b2c20b4
(cherry picked from commit 5f5e86e35428662