Comment 3 for bug 2006490

OpenStack Infra (hudson-openstack) wrote: Fix merged to glance (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/glance/+/872990
Committed: https://opendev.org/openstack/glance/commit/06a18202ab52c64803f044b8f848ed1c160905d2
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 06a18202ab52c64803f044b8f848ed1c160905d2
Author: Guillaume Espanel <email address hidden>
Date: Wed Jan 25 11:53:09 2023 +0100

    Limit CaptureRegion sizes in format_inspector for VMDK and VHDX

    VMDK:
    When parsing a VMDK file to calculate its size, the format_inspector
    determines the location of the Descriptor section by reading two
    uint64 from the headers of the file and uses them to create the
    descriptor CaptureRegion.

    It would be possible to craft a VMDK file that commands the
    format_inspector to create a very big CaptureRegion, thus exhausting
    resources on the glance-api process.

    This patch binds the beginning of the descriptor to 0x200 and limits
    the size of the CaptureRegion to 1MB, similar to how the VMDK
    descriptor is parsed by qemu.

    VHDX:
    It is a bit more involved, but similar: when looking for the
    VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an
    unbounded CaptureRegion.

    In the same way as it seems to be done in Qemu, we now limit the upper
    bound of this CaptureRegion.

    Closes-Bug: #2006490
    Change-Id: I3ec5a33df20e1cfb6673f4ff1c7c91aacd065532
    (cherry picked from commit d4d33ee30f303f783c0640cd72acb31b313e1164)
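To make the VMDK half of this fix concrete, here is an added, self-contained Python illustration; it is not glance's format_inspector code and does not reproduce the merged change. It assumes the VMDK4 sparse-extent header layout (magic `KDMV` at byte 0, then version, flags, capacity, grainSize, descriptorOffset, descriptorSize, with the two uint64 at byte 28 counted in 512-byte sectors), and the names `CaptureRegion`, `ImageFormatError`, `descriptor_region` and `make_header` are this example's own. The unbounded path shows how a header-supplied size becomes the region the inspector would buffer; the bounded path pins the descriptor start to 0x200 and clamps the size to 1 MiB, the same bounds the commit message describes.

```python
import struct

SECTOR_SIZE = 512
# Bounds named in the commit message; the constant names are this example's own.
DESCRIPTOR_START = 0x200          # descriptor must begin here
DESCRIPTOR_MAX_BYTES = 1 << 20    # 1 MiB cap on the buffered region

# Assumed VMDK4 sparse header layout: the descriptor offset/size pair of
# uint64 (in sectors) sits at byte 28, after magic/version/flags/capacity/grainSize.
VMDK_MAGIC = b'KDMV'
DESCRIPTOR_FIELDS_OFFSET = 28


class ImageFormatError(Exception):
    """Raised when the header describes a region the inspector will not accept."""


class CaptureRegion:
    """A byte range [offset, offset + length) that an inspector buffers in memory.

    `length` is the amount of image data that would be held; an attacker-controlled
    length is therefore a memory-exhaustion risk for the inspecting process.
    """

    def __init__(self, offset, length):
        self.offset = offset
        self.length = length


def descriptor_region(header, bounded=True):
    """Derive the descriptor CaptureRegion from a sparse-extent header.

    bounded=False mirrors the pre-fix behaviour (trust the two uint64 as-is);
    bounded=True applies the 0x200 start check and the 1 MiB clamp.
    """
    if len(header) < DESCRIPTOR_FIELDS_OFFSET + 16 or header[:4] != VMDK_MAGIC:
        raise ImageFormatError('not a VMDK sparse-extent header')
    desc_offset, desc_size = struct.unpack_from(
        '<QQ', header, DESCRIPTOR_FIELDS_OFFSET)
    offset_bytes = desc_offset * SECTOR_SIZE
    size_bytes = desc_size * SECTOR_SIZE

    if not bounded:
        # Whatever the file says is what gets buffered: unbounded.
        return CaptureRegion(offset_bytes, size_bytes)

    if offset_bytes != DESCRIPTOR_START:
        raise ImageFormatError(
            'descriptor must start at 0x%x, header says 0x%x'
            % (DESCRIPTOR_START, offset_bytes))
    # Clamp rather than reject: a real descriptor is far smaller than 1 MiB,
    # so the cap changes nothing for well-formed images.
    return CaptureRegion(offset_bytes, min(size_bytes, DESCRIPTOR_MAX_BYTES))


def is_accepted(header):
    """True if the bounded parser accepts the header's descriptor location."""
    try:
        descriptor_region(header, bounded=True)
        return True
    except ImageFormatError:
        return False


def make_header(desc_offset_sectors, desc_size_sectors):
    """Build a constructed 512-byte sample header; only the fields read above matter."""
    hdr = bytearray(512)
    hdr[:4] = VMDK_MAGIC
    # version=1, flags=0, capacity=0, grainSize=128, then the descriptor pair.
    struct.pack_into('<IIQQQQ', hdr, 4, 1, 0, 0, 128,
                     desc_offset_sectors, desc_size_sectors)
    return bytes(hdr)


if __name__ == '__main__':
    sane = make_header(1, 20)              # descriptor at sector 1, 20 sectors long
    oversized = make_header(1, 1 << 40)    # constructed: absurd descriptor size
    print('sane, bounded      :', descriptor_region(sane).length)
    print('oversized, unbounded:', descriptor_region(oversized, bounded=False).length)
    print('oversized, bounded  :', descriptor_region(oversized).length)
    print('wrong start accepted:', is_accepted(make_header(0x1000, 20)))
```

The same shape of defence applies to the VHDX VIRTUAL_DISK_SIZE lookup the message mentions: derive the region from the file, then clamp its upper bound to a fixed ceiling before allocating anything sized by it.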