0032b4cb85
- kvm-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch [RHEL-35616] - kvm-iotests-244-Don-t-store-data-file-with-protocol-in-i.patch [RHEL-35616] - kvm-iotests-270-Don-t-store-data-file-with-json-prefix-i.patch [RHEL-35616] - kvm-block-introduce-bdrv_open_file_child-helper.patch [RHEL-35616] - kvm-block-Parse-filenames-only-when-explicitly-requested.patch [RHEL-35616] - Resolves: RHEL-35616 (CVE-2024-4467 virt:rhel/qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write [rhel-8.10.z])
From 3cb587f460ec432f329fb83df034bbb7e79e17aa Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Wed, 5 Jun 2024 19:56:51 -0400
Subject: [PATCH 2/5] iotests/244: Don't store data-file with protocol in image
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 5: EMBARGOED CVE-2024-4467 for rhel-8.10.z (PRDSC)
RH-Jira: RHEL-35616
RH-CVE: CVE-2024-4467
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Commit: [2/5] a422cfdba938e1bd857008ccbbddc695011ae0ff
commit 92e00dab8be1570b13172353d77d2af44cb4e22b
Author: Kevin Wolf <kwolf@redhat.com>
Date: Thu Apr 25 14:49:40 2024 +0200
iotests/244: Don't store data-file with protocol in image
We want to disable filename parsing for data files because it's too easy
to abuse in malicious image files. Make the test ready for the change by
passing the data file explicitly in command line options.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Upstream: N/A, embargoed
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
tests/qemu-iotests/244 | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244
index 3e61fa25bb..bb9cc6512f 100755
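--- a/tests/qemu-iotests/244
+++ b/tests/qemu-iotests/244
@@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
 $QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
 
 # blkdebug doesn't support copy offloading, so this tests the error path
-$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG"
-$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
-$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
+test_img_with_blkdebug="json:{
+ 'driver': 'qcow2',
+ 'file': {
+ 'driver': 'file',
+ 'filename': '$TEST_IMG'
+ },
+ 'data-file': {
+ 'driver': 'blkdebug',
+ 'image': {
+ 'driver': 'file',
+ 'filename': '$TEST_IMG.data'
+ }
+ }
+}"
+$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug"
+$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug"
 
 echo
 echo "=== Flushing should flush the data file ==="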
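Review bot: With the `amend -o "data_file=blkdebug::$TEST_IMG.data"` step removed, nothing in this hunk still exercises a protocol-prefixed data file name stored in the image header, which is the case the commit message calls too easy to abuse in malicious image files. Unless another patch in the series covers it, a negative check that an image carrying such a stored name is not opened through the blkdebug driver would keep the hardening from regressing silently. The comment above the new block could also say why the data file is now passed at run time, for example `# data file is given as an explicit option; a protocol prefix stored in the image is not meant to be parsed`. The JSON hard-codes `'driver': 'qcow2'` while the surrounding commands use `$IMGFMT`; `'driver': '$IMGFMT'` would match them, though this makes no difference if the test only runs for qcow2. The test script continues outside the hunk on both sides.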
--
2.39.3