Comment 189 for bug 2059809

Dan Smith (danms) wrote: Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

Zigo, the format_inspector is grafted straight from glance, which has extensive tests for it, including for this new functionality. After this is public I'll be moving all of that to oslo so it will be in one place. There's also a standalone format inspector test utility in the glance repo which you can use to run it outside the service, although I haven't extended that standalone tool to do any of the safety checking yet.

The instructions in the description for creating a bad image are very easy to run and that's what I've been doing thus far. I don't think we need to attach a bad image to this bug as a result.