git.ipfire.org Git - thirdparty/qemu.git/commit

author	Kevin Wolf <kwolf@redhat.com>
	Thu, 11 Apr 2024 13:06:01 +0000 (15:06 +0200)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Wed, 3 Jul 2024 20:00:21 +0000 (23:00 +0300)
commit	312ca4065b236b1c6eea649a3138d6ea79149794
tree	c42ae517c644b7baa44ebb76291cf7c09406b490	tree
parent	68473fdd221f5dcd5747c6147625f5138af46cbc	commit \| diff

qcow2: Don't open data_file with BDRV_O_NO_IO

One use case for 'qemu-img info' is verifying that untrusted images
don't reference an unwanted external file, be it as a backing file or an
external data file. To make sure that calling 'qemu-img info' can't
already have undesired side effects with a malicious image, just don't
open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
I/O, we don't need to have it open.

This changes the output of iotests case 061, which used 'qemu-img info'
to show that opening an image with an invalid data file fails. After
this patch, it succeeds. Replace this part of the test with a qemu-io
call, but keep the final 'qemu-img info' to show that the invalid data
file is correctly displayed in the output.

Fixes: CVE-2024-4467
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit bd385a5298d7062668e804d73944d52aec9549f1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

block/qcow2.c		diff \| blob \| blame \| history
tests/qemu-iotests/061		diff \| blob \| blame \| history
tests/qemu-iotests/061.out		diff \| blob \| blame \| history