Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yoga: Backport fixes for CVE-2024-32498 #34

Merged
merged 8 commits into from
Jul 9, 2024
Merged

yoga: Backport fixes for CVE-2024-32498 #34

merged 8 commits into from
Jul 9, 2024

Conversation

markgoddard
Copy link

  • Reject qcow files with data-file attributes
  • Extend format_inspector for QCOW safety
  • Add VMDK safety check
  • Reject unsafe qcow and vmdk files
  • Add QED format detection to format_inspector
  • Add file format detection to format_inspector
  • Add safety check and detection support to FI tool
  • Backport fix ups for Yoga

kk7ds and others added 8 commits July 2, 2024 10:40
@kk7ds @markgoddard
Reject qcow files with data-file attributes
26c7b35 
Change-Id: I6326a3e85c1ba4cb1da944a4323769f2399ed2c1
Closes-Bug: #2059809
(cherry picked from commit 2ca29af4433e9fa99a0a48e230d8d25d6eaa4a87)
(cherry picked from commit c3586f3a122f6cb0663217b12b52203e74e2e4fa)
(cherry picked from commit a92c438fb5ba55440b38cae7c8b4361b58daa9dd)
@kk7ds @markgoddard
Extend format_inspector for QCOW safety
c6d5a68 
This adds two properties to the QcowInspector that makes it able to
indicate whether the file specifies a backing_file or data_file in the
header. Both conditions are considered unsafe for our usage. To
ease checking of this condition, a classmethod is added that takes
a local filename and digests just enough of the file to assert that
both conditions are false.

Change-Id: Iaf86b525397d41bd116999cabe0954a0a7efac65
Related-Bug: #2059809
(cherry picked from commit ae536bb394793c9a7a219cb498e03d5c81dbbbb7)
(cherry picked from commit 2eba54e0821106097dfeceb424e53943fd090483)
(cherry picked from commit 89dbbc838d606f461087e1494d19ddbcf9db0a38)
@kk7ds @markgoddard
Add VMDK safety check
cd19a3d 
This makes us check the extent filenames to make sure they don't
have any banned characters in them (i.e. slashes). It also makes
us reject VMDK files with a footer. Since we process these files
as a stream, we can't honor a footer that directs us to find the
descriptor block in a location we've already processed. Thus, if
a file indicates it has a footer, consider it a policy exception
and unsupported.

Change-Id: I4a1c6dff7854c49940a0ac7988722aa6befc04fa
(cherry picked from commit c1bf35dffb7f4c3090b1f04cf0e27cb431330c3e)
(cherry picked from commit d3f1d6159c0218ac01e8d881e2ec4da71fc952ee)
(cherry picked from commit 2dd4d138d4b8e1d9ca69fc0dda3711553a65d912)
@kk7ds @markgoddard
Reject unsafe qcow and vmdk files
8e00bf8 
This causes us to use the format inspector to pre-examine qcow and
vmdk files for safe configurations before even using qemu-img
on them.

Change-Id: I0554706368e573e11f649c09569f7c21cbc8634b
Closes-Bug: #2059809
(cherry picked from commit a95f335bca1dfdd1c904ae475e9fe8c6806f2c56)
(cherry picked from commit 55fc42563818fcf88b474233df242a796c918b3a)
(cherry picked from commit f1f53075d69a9a1c006b3e25506e30eb0210de1f)
@kk7ds @markgoddard
Add QED format detection to format_inspector
cc47b71 
This merely recognizes this format and always marks it as unsafe
because no service supports it. This prevents someone from uploading
one that we will ask qemu-img to inspect.

Change-Id: Ieea7b7eb0f380571bd4937cded920776e05f7ec4
(cherry picked from commit 4096c5aff1d046d5c28d0e4a69b3c9574e9e8cc8)
(cherry picked from commit ba98022b98ef5b9c98e1d7d20c88e1ca4b23fa80)
(cherry picked from commit a8dadcd7994c88a61f94341286b4bcd693b51b32)
@kk7ds @markgoddard
Add file format detection to format_inspector
867566a 
Change-Id: If0a4251465507be035ffaf9d855299611637cfa9
(cherry picked from commit 79271eaa5c742a1741321198c43807857fb6ed94)
(cherry picked from commit e1c36248c7660dea1bedfa8f1c0711a4b97d279c)
(cherry picked from commit d54121d6a937fd50aae1018aede228a3c0985dce)
@kk7ds @markgoddard
Add safety check and detection support to FI tool
11d3b65 
This adds a safety check and detection mechanism to the
tools/test_format_inspector.py utility for verifying those features
outside of glance.

Change-Id: I447e7e51315472f8fa6013d4c4852f54c1e0c43d
(cherry picked from commit b27040b87e43ff4acfb6870ef0d13d54e5ca5caa)
(cherry picked from commit b394ef00c3426771092d099cf1d96077bfa4b919)
(cherry picked from commit aa12d39b453068d9ee8367591eb60d4a15cddece)
@markgoddard
Backport fix ups for Yoga
543b1f3
@markgoddard markgoddard requested a review from a team as a code owner July 9, 2024 09:56
@markgoddard markgoddard self-assigned this Jul 9, 2024
@markgoddard markgoddard mentioned this pull request Jul 9, 2024
Merged
@markgoddard
Copy link
Author

Unit tests pass locally. Missing qemu-img in CI.

@markgoddard markgoddard merged commit 186a1f6 into stackhpc/yoga Jul 9, 2024
0 of 3 checks passed
@markgoddard markgoddard deleted the yoga-cve-2024-32498 branch July 9, 2024 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@markgoddard markgoddard

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markgoddard @kk7ds