yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

untrusted image checks: also handle multi-part vmdk files

Browse Source 
neither vmdk images with multiple children, nor ones with multiple extents
(that might in turn be backed by multiple files) are allowed when an image is
untrusted.

Reported-by: Friedrich Weber <f.weber@proxmox.com>
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler
2024-11-19 20:46:27 +01:00
committed by Thomas Lamprecht
parent a3db720967
commit 3633dee46d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/PVE/Storage/Plugin.pm
View File

@ -1012,6 +1012,11 @@ sub file_size_info {
if (my $format_specific = $info->{'format-specific'}) {
if ($format_specific->{type} eq 'qcow2' && $format_specific->{data}->{"data-file"}) {
die "$filename: 'data-file' references are not allowed!\n";
} elsif ($format_specific->{type} eq 'vmdk') {
my $extents = $format_specific->{data}->{extents};
my $children = $info->{children};
die "$filename: multiple children or extents are not allowed!\n"
if scalar($children->@*) > 1 || scalar($extents->@*) > 1;
}
}
}