From c2eafeb32a256cbafb0e65c0380acb478181326e Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Wed, 5 Jun 2024 19:56:51 -0400 Subject: [PATCH 2/4] iotests/244: Don't store data-file with protocol in image RH-Author: Jon Maloy RH-MergeRequest: 2: EMBARGOED CVE-2024-4467 for rhel-9.4.z (PRDSC) RH-Jira: https://issues.redhat.com/browse/RHEL-35610 RH-CVE: CVE-2024-4467 RH-Acked-by: Kevin Wolf RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Hanna Czenczek RH-Commit: [2/4] ddef095945aa55bb0aacc2a2cb58f9e12ad20d5e commit 92e00dab8be1570b13172353d77d2af44cb4e22b Author: Kevin Wolf Date: Thu Apr 25 14:49:40 2024 +0200 iotests/244: Don't store data-file with protocol in image We want to disable filename parsing for data files because it's too easy to abuse in malicious image files. Make the test ready for the change by passing the data file explicitly in command line options. Signed-off-by: Kevin Wolf Reviewed-by: Eric Blake Reviewed-by: Stefan Hajnoczi Reviewed-by: Hanna Czenczek Upstream: N/A, embargoed Signed-off-by: Hanna Czenczek Signed-off-by: Jon Maloy --- tests/qemu-iotests/244 | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244 index 3e61fa25bb..bb9cc6512f 100755 --- a/tests/qemu-iotests/244 +++ b/tests/qemu-iotests/244 @@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG" $QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG" # blkdebug doesn't support copy offloading, so this tests the error path -$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG" -$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG" -$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG" +test_img_with_blkdebug="json:{ + 'driver': 'qcow2', + 'file': { + 'driver': 'file', + 'filename': '$TEST_IMG' + }, + 'data-file': { + 'driver': 'blkdebug', + 'image': { + 'driver': 'file', + 'filename': '$TEST_IMG.data' + } + } +}" +$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug" +$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug" echo echo "=== Flushing should flush the data file ===" -- 2.39.3