check to be imported files for external references if they are of
content type 'import'.
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
new in v6
PVE/API2/Qemu.pm | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 58aaabbe..cbbd1e36 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -440,6 +440,7 @@ my sub create_disks : prototype($$$$$$$$$$$) {
my ($vtype, undef, undef, undef, undef, undef, $fmt)
= PVE::Storage::parse_volname($storecfg, $source);
my $needs_extraction =
PVE::QemuServer::Helpers::needs_extraction($vtype, $fmt);
+ my $untrusted = $vtype eq 'import' ? 1 : 0;
if ($needs_extraction) {
print "extracting $source\n";
my $extracted_volid =
PVE::GuestImport::extract_disk_from_import_file(
@@ -458,7 +459,8 @@ my sub create_disks : prototype($$$$$$$$$$$) {
my $path = PVE::Storage::path($storecfg, $source)
or die "failed to get a path for '$source'\n";
$source = $path;
- ($size, my $source_format) =
PVE::Storage::file_size_info($source);
+ # check potentially untrusted image file for import
vtype
+ ($size, my $source_format) =
PVE::Storage::file_size_info($source, undef, $untrusted);
die "could not get file size of $source\n" if !$size;
$live_import_mapping->{$ds} = {
@@ -468,6 +470,13 @@ my sub create_disks : prototype($$$$$$$$$$$) {
$live_import_mapping->{$ds}->{'delete-after-finish'} =
$source
if $needs_extraction;
} else {
+ # check potentially untrusted image file for import
vtype
+ if ($untrusted) {
+ my $scfg = PVE::Storage::storage_config($storecfg,
$source_storage);
+ my $path = PVE::Storage::path($storecfg, $source);
+ PVE::Storage::file_size_info($path, undef, 1);
+ }
+
my $dest_info = {
vmid => $vmid,
drivename => $ds,
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
