0dd8f840c7
- vdpa: Fix bug where vdpa appliance migration does not resume after rollback - block: Parse filenames only when explicitly requested (CVE-2024-4467) - block: introduce bdrv_open_file_child() helper - iotests/270: Don't store data-file with json: prefix in image (CVE-2024-4467) - iotests/244: Don't store data-file with protocol in image (CVE-2024-4467) - qcow2: Don't open data_file with BDRV_O_NO_IO (CVE-2024-4467) - qcow2: Do not reopen data_file in invalidate_cache - hw/intc/arm_gic: Fix deactivation of SPI lines chery-pick from 7175a562f157d39725ab396e39c1e8e410d206b3 - vhost-user: Skip unnecessary duplicated VHOST_USER_SET_LOG_BASE requests - target/ppc: Split off common embedded TLB init cheery-pick from 581eea5d656b73c6532109f4ced4c73fd4e5fd47` - vdpa: fix vdpa device migrate rollback wrong when suspend device failed 1. - hw/virtio/virtio-pci:Support shadow device for virtio-net/blk/scsi devices Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit ad45062d44e901468eeb8c4ac0729587daaa1e1f)
55 lines
1.9 KiB
Diff
55 lines
1.9 KiB
Diff
From 7ee281f59878c1f7a95e0a2a3f674c252d0c9f92 Mon Sep 17 00:00:00 2001
|
|
From: Kevin Wolf <kwolf@redhat.com>
|
|
Date: Thu, 25 Apr 2024 14:49:40 +0200
|
|
Subject: [PATCH] iotests/270: Don't store data-file with json: prefix in image
|
|
(CVE-2024-4467)
|
|
|
|
We want to disable filename parsing for data files because it's too easy
|
|
to abuse in malicious image files. Make the test ready for the change by
|
|
passing the data file explicitly in command line options.
|
|
|
|
Cc: qemu-stable@nongnu.org
|
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
|
|
---
|
|
tests/qemu-iotests/270 | 14 +++++++++++---
|
|
1 file changed, 11 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/tests/qemu-iotests/270 b/tests/qemu-iotests/270
|
|
index 74352342db..c37b674aa2 100755
|
|
--- a/tests/qemu-iotests/270
|
|
+++ b/tests/qemu-iotests/270
|
|
@@ -60,8 +60,16 @@ _make_test_img -o cluster_size=2M,data_file="$TEST_IMG.orig" \
|
|
# "write" 2G of data without using any space.
|
|
# (qemu-img create does not like it, though, because null-co does not
|
|
# support image creation.)
|
|
-$QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
|
|
- "$TEST_IMG"
|
|
+test_img_with_null_data="json:{
|
|
+ 'driver': '$IMGFMT',
|
|
+ 'file': {
|
|
+ 'filename': '$TEST_IMG'
|
|
+ },
|
|
+ 'data-file': {
|
|
+ 'driver': 'null-co',
|
|
+ 'size':'4294967296'
|
|
+ }
|
|
+}"
|
|
|
|
# This gives us a range of:
|
|
# 2^31 - 512 + 768 - 1 = 2^31 + 255 > 2^31
|
|
@@ -74,7 +82,7 @@ $QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
|
|
# on L2 boundaries, we need large L2 tables; hence the cluster size of
|
|
# 2 MB. (Anything from 256 kB should work, though, because then one L2
|
|
# table covers 8 GB.)
|
|
-$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$TEST_IMG" | _filter_qemu_io
|
|
+$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$test_img_with_null_data" | _filter_qemu_io
|
|
|
|
_check_test_img
|
|
|
|
--
|
|
2.41.0.windows.1
|
|
|