eb40024471
- kvm-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch [RHEL-35611] - kvm-iotests-244-Don-t-store-data-file-with-protocol-in-i.patch [RHEL-35611] - kvm-iotests-270-Don-t-store-data-file-with-json-prefix-i.patch [RHEL-35611] - kvm-block-Parse-filenames-only-when-explicitly-requested.patch [RHEL-35611] - Resolves: RHEL-35611 (CVE-2024-4467 qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write [rhel-9.5])
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
From 16c2e9e339a4c83055fd39e032fa16a0e732ed17 Mon Sep 17 00:00:00 2001
|
|
From: Kevin Wolf <kwolf@redhat.com>
|
|
Date: Thu, 25 Apr 2024 14:49:40 +0200
|
|
Subject: [PATCH 2/4] iotests/244: Don't store data-file with protocol in image
|
|
|
|
RH-Author: Hana Czenczek <hczenczek@redhat.com>
|
|
RH-MergeRequest: 1: CVE 2024-4467 (PRDSC)
|
|
RH-Jira: RHEL-35611
|
|
RH-CVE: CVE-2024-4467
|
|
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
RH-Acked-by: Eric Blake <eblake@redhat.com>
|
|
RH-Commit: [2/4] 92e00dab8be1570b13172353d77d2af44cb4e22b
|
|
|
|
We want to disable filename parsing for data files because it's too easy
|
|
to abuse in malicious image files. Make the test ready for the change by
|
|
passing the data file explicitly in command line options.
|
|
|
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
|
|
Upstream: N/A, embargoed
|
|
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
|
|
---
|
|
tests/qemu-iotests/244 | 19 ++++++++++++++++---
|
|
1 file changed, 16 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/tests/qemu-iotests/244 b/tests/qemu-iotests/244
|
|
index 3e61fa25bb..bb9cc6512f 100755
|
|
--- a/tests/qemu-iotests/244
|
|
+++ b/tests/qemu-iotests/244
|
|
@@ -215,9 +215,22 @@ $QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
|
|
$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
|
|
|
|
# blkdebug doesn't support copy offloading, so this tests the error path
|
|
-$QEMU_IMG amend -f $IMGFMT -o "data_file=blkdebug::$TEST_IMG.data" "$TEST_IMG"
|
|
-$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$TEST_IMG"
|
|
-$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$TEST_IMG"
|
|
+test_img_with_blkdebug="json:{
|
|
+ 'driver': 'qcow2',
|
|
+ 'file': {
|
|
+ 'driver': 'file',
|
|
+ 'filename': '$TEST_IMG'
|
|
+ },
|
|
+ 'data-file': {
|
|
+ 'driver': 'blkdebug',
|
|
+ 'image': {
|
|
+ 'driver': 'file',
|
|
+ 'filename': '$TEST_IMG.data'
|
|
+ }
|
|
+ }
|
|
+}"
|
|
+$QEMU_IMG convert -f $IMGFMT -O $IMGFMT -n -C "$TEST_IMG.src" "$test_img_with_blkdebug"
|
|
+$QEMU_IMG compare -f $IMGFMT -F $IMGFMT "$TEST_IMG.src" "$test_img_with_blkdebug"
|
|
|
|
echo
|
|
echo "=== Flushing should flush the data file ==="
|
|
--
|
|
2.39.3
|
|
|