From 3633dee46d6f06a4c1871c111ca0b6c197b00d71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Tue, 19 Nov 2024 20:46:27 +0100
Subject: [PATCH] untrusted image checks: also handle multi-part vmdk files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

neither vmdk images with multiple children, nor ones with multiple extents
(that might in turn be backed by multiple files) are allowed when an image is
untrusted.

Reported-by: Friedrich Weber <f.weber@proxmox.com>
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/PVE/Storage/Plugin.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm
index 25e2a4d..0b0b5a8 100644
--- a/src/PVE/Storage/Plugin.pm
+++ b/src/PVE/Storage/Plugin.pm
@@ -1012,6 +1012,11 @@ sub file_size_info {
 	if (my $format_specific = $info->{'format-specific'}) {
 	    if ($format_specific->{type} eq 'qcow2' && $format_specific->{data}->{"data-file"}) {
 		die "$filename: 'data-file' references are not allowed!\n";
+	    } elsif ($format_specific->{type} eq 'vmdk') {
+		my $extents = $format_specific->{data}->{extents};
+		my $children = $info->{children};
+		die "$filename: multiple children or extents are not allowed!\n"
+		    if scalar($children->@*) > 1 || scalar($extents->@*) > 1;
 	    }
 	}
     }