e2image, libext2fs: check for corrupted qcow2 image

If the qcow2 image is corrupted, qcow2_write_image() will now return
an indication of this to e2image (the only current user of
qcow2_write_image).

Also fix how e2image prints an error message it can't understand the
qcow2 image.

Addresses-Coverity-Bug: 1297511
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
index 4037f9341534b5d6fb002e0fed0f14adf9a59834..71a4792fca5be9eb06cabe1d3a41f16024755bd4 100644 (file)
--- a/lib/ext2fs/qcow2.c
+++ b/lib/ext2fs/qcow2.c
@@ -166,6 +166,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
        blk64_t *l1_table, *l2_table = NULL;
        void *copy_buf = NULL;
        size_t size;
+       unsigned int max_l1_size;
 
        if (hdr->crypt_method)
                return -QCOW_ENCRYPTED;
@@ -175,12 +176,21 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
        img.l2_cache = NULL;
        img.l1_table = NULL;
        img.cluster_bits = ext2fs_be32_to_cpu(hdr->cluster_bits);
+       if (img.cluster_bits < 9 || img.cluster_bits > 31)
+               return -QCOW_CORRUPTED;
        img.cluster_size = 1 << img.cluster_bits;
        img.l1_size = ext2fs_be32_to_cpu(hdr->l1_size);
        img.l1_offset = ext2fs_be64_to_cpu(hdr->l1_table_offset);
        img.l2_size = 1 << (img.cluster_bits - 3);
        img.image_size = ext2fs_be64_to_cpu(hdr->size);
 
+       if (img.l1_offset & (img.cluster_size - 1))
+               return -QCOW_CORRUPTED;
+
+       max_l1_size = (img.image_size >> ((2 * img.cluster_bits) - 3)) +
+               img.cluster_size;
+       if (img.l1_size > max_l1_size)
+               return -QCOW_CORRUPTED;
 
        ret = ext2fs_get_memzero(img.cluster_size, &l2_table);
        if (ret)

diff --git a/lib/ext2fs/qcow2.h b/lib/ext2fs/qcow2.h
index 81e0ec932657f7c5c24437cc567b5b04985a9a19..5576348a87c3a0902dc71faf0c0d5404b87bde8f 100644 (file)
--- a/lib/ext2fs/qcow2.h
+++ b/lib/ext2fs/qcow2.h
@@ -35,6 +35,7 @@
 
 #define QCOW_COMPRESSED                1
 #define QCOW_ENCRYPTED         2
+#define QCOW_CORRUPTED         3
 
 struct ext2_qcow2_hdr {
        __u32   magic;

diff --git a/misc/e2image.c b/misc/e2image.c
index d52accf5db448734d327d62848e9336a9f863c15..d32b84a3de7147e21fe88cf873afe7c41c3d22f1 100644 (file)
--- a/misc/e2image.c
+++ b/misc/e2image.c
@@ -1633,13 +1633,18 @@ skip_device:
                        if (ret == -QCOW_COMPRESSED)
                                fprintf(stderr, _("Image (%s) is compressed\n"),
                                        image_fn);
-                       if (ret == -QCOW_ENCRYPTED)
+                       else if (ret == -QCOW_ENCRYPTED)
                                fprintf(stderr, _("Image (%s) is encrypted\n"),
                                        image_fn);
-                       com_err(program_name, ret,
-                               _("while trying to convert qcow2 image"
-                                 " (%s) into raw image (%s)"),
-                               device_name, image_fn);
+                       else if (ret == -QCOW_CORRUPTED)
+                               fprintf(stderr, _("Image (%s) is corrupted\n"),
+                                       image_fn);
+                       else
+                               com_err(program_name, ret,
+                                       _("while trying to convert qcow2 image"
+                                         " (%s) into raw image (%s)"),
+                                       image_fn, device_name);
+                       ret = 1;
                }
                goto out;
        }