Comment 88 for bug 2059809
Revision history for this message
| Dan Smith (danms) wrote Re: Arbitrary file access through QCOW2 external data file | #88 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Additional patch for glance's format_inspector to check VMDK safety items. Specifically assert that the descriptor looks sane, does not have any files with slashes listed as extents, and that it doesn't have a sparse/stream footer. Since we process this as a stream, we can't go back in time and read from an earlier part of the stream if the footer instructs us to. So, until someone says it's unreasonable, this just refuses a VMDK file with a footer.