Suggested-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> Signed-off-by: Fiona Ebner <f.eb...@proxmox.com> ---
New in v3. Actual checking being done depends on Fabian's hardening patches: https://lore.proxmox.com/pve-devel/20241104104221.228730-1-f.gruenbich...@proxmox.com/ PVE/QemuServer.pm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index f484d048..c2e7b4a5 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -7385,6 +7385,12 @@ sub restore_external_archive { $backup_provider->restore_vm_volume_init($volname, $storeid, $d->{devname}, {}); my $source_path = $info->{'qemu-img-path'} or die "did not get source image path from backup provider\n"; + + print "importing drive '$d->{devname}' from '$source_path'\n"; + + # safety check for untrusted source image + PVE::Storage::file_size_info($source_path, undef, 1); + eval { qemu_img_convert( $source_path, $d->{volid}, $d->{size}, undef, 0, $options->{bwlimit}); -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
