Comment 77 for bug 1996188

Dan Smith (danms) wrote : Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)

Erno - right now the format inspector is not mandatory. Meaning, we only snag the virtual_size for monolithicSparse, but we don't refuse the upload if it's a format we don't expect. If you want to *change* that, then that's fine. I don't think that the extra checks before we do operations on an image are a bad idea though, especially as it mirrors what we're doing in the other projects.
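
A sketch of what a mandatory inspection could look like for VMDK: read the `createType` and refuse anything outside an allowlist, instead of only recording `virtual_size`. This is an added example, not Glance code and not part of the comment above; the function names, the allowlist and the sample inputs are assumptions constructed for illustration.

```python
import re
import struct

SECTOR = 512
# Assumed allowlist for this sketch; a deployment would pick its own.
ALLOWED_CREATE_TYPES = {"monolithicSparse", "streamOptimized"}


class UnsafeImage(ValueError):
    """Raised when the upload is not a VMDK subformat we accept."""


def _create_type(descriptor: bytes) -> str:
    m = re.search(rb'^\s*createType\s*=\s*"([^"]*)"', descriptor, re.M)
    if m is None:
        raise UnsafeImage("descriptor has no createType")
    return m.group(1).decode("ascii", "replace")


def inspect_vmdk(data: bytes) -> dict:
    """Return createType and virtual_size, or raise instead of passing it on."""
    if data[:4] == b"KDMV" and len(data) >= 44:
        # Sparse extent header: magic, version, flags, capacity, grain size,
        # descriptor offset and descriptor size (the last four in sectors).
        _, _, _, capacity, _, d_off, d_size = struct.unpack("<4sIIQQQQ", data[:44])
        end = (d_off + d_size) * SECTOR
        if d_off == 0 or end > len(data):
            raise UnsafeImage("embedded descriptor missing or truncated")
        ctype, vsize = _create_type(data[d_off * SECTOR:end]), capacity * SECTOR
    elif data.lstrip().startswith(b"# Disk DescriptorFile"):
        # Bare text descriptor: the extents live in other files it names.
        ctype, vsize = _create_type(data), None
    else:
        raise UnsafeImage("not a recognisable VMDK")
    if ctype not in ALLOWED_CREATE_TYPES:
        raise UnsafeImage(f"createType {ctype!r} is not allowed")
    return {"create_type": ctype, "virtual_size": vsize}


def sample_sparse(ctype: str = "monolithicSparse") -> bytes:
    """Constructed test input: 44-byte header, descriptor in sector 1."""
    desc = b'# Disk DescriptorFile\nversion=1\ncreateType="%s"\n' % ctype.encode()
    header = struct.pack("<4sIIQQQQ", b"KDMV", 1, 3, 2048, 128, 1, 1)
    return header.ljust(SECTOR, b"\0") + desc.ljust(SECTOR, b"\0")


# Constructed test input: a stand-alone descriptor of the flat subformat.
SAMPLE_FLAT = (b'# Disk DescriptorFile\nversion=1\ncreateType="monolithicFlat"\n'
               b'RW 2048 FLAT "example-flat.vmdk" 0\n')
```

The check fails closed: an unrecognised header, a truncated embedded descriptor and a sparse header wrapping a disallowed `createType` all raise rather than fall through to later image operations.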