Comment 58 for bug 1524274

Reviewed: https://review.openstack.org/264814
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=915fdbbfb82272b87cd80210943372b09351cf88
Submitter: Jenkins
Branch: master

commit 915fdbbfb82272b87cd80210943372b09351cf88
Author: Matthew Booth <email address hidden>
Date: Fri Dec 11 13:40:54 2015 +0000

    Fix backing file detection in libvirt live snapshot

    When doing a live snapshot, the libvirt driver creates an intermediate
    qcow2 file with the same backing file as the original disk. However,
    it calls qemu-img info without specifying the input format explicitly.
    An authenticated user can write data to a raw disk which will cause
    this code to misinterpret the disk as a qcow2 file with a
    user-specified backing file on the host, and return an arbitrary host
    file as the backing file.

    This bug does not appear to result in a data leak in this case, but
    this is hard to verify. It certainly results in corrupt output.

    Closes-Bug: #1524274

    Change-Id: I11485f077d28f4e97529a691e55e3e3c0bea8872