api: iso up/download: check file content

by letting it run through 'file_size_info' as 'untrusted', since that
does the necessary checks. We do this so we don't accidentally
up/download a file that is not a valid iso

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>
Tested-by: Fiona Ebner <f.ebner@proxmox.com>

src/PVE/API2/Storage/Status.pm

@@ -510,6 +510,10 @@ __PACKAGE__->register_method ({
 			die "checksum mismatch: got '$checksum_got' != expect '$checksum'\n";
 		    }
 		}
+
+		if ($content eq 'iso') {
+		    PVE::Storage::assert_iso_content($tmpfilename);
+		}
 	    };
 	    if (my $err = $@) {
 		# unlinks only the temporary file from the http server
@@ -662,6 +666,14 @@ __PACKAGE__->register_method({
 	    $opts->{hash_required} = 1;
 	}
 
+	$opts->{assert_file_validity} = sub {
+	    my ($tmp_path) = @_;
+
+	    if ($content eq 'iso') {
+		PVE::Storage::assert_iso_content($tmp_path);
+	    }
+	};
+
 	my $worker = sub {
 	    if ($compression) {
 		die "decompression not supported for $content\n" if $content ne 'iso';

src/PVE/Storage.pm

@@ -2196,4 +2196,14 @@ sub get_import_metadata {
     return $plugin->get_import_metadata($scfg, $volname, $storeid);
 }
 
+# dies if the content of the given path is unexpected for an ISO
+sub assert_iso_content {
+    my ($path) = @_;
+
+    # check for things like backing image
+    file_size_info($path, undef, 1);
+
+    return 1;
+}
+
 1;