mirror of
git://git.proxmox.com/git/pve-storage.git
synced 2024-12-22 13:34:16 +03:00
api: iso up/download: check file content
by letting it run through 'file_size_info' as 'untrusted', since that does the necessary checks. We do this so we don't accidentally up/download a file that is not a valid iso Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> Tested-by: Fiona Ebner <f.ebner@proxmox.com>
This commit is contained in:
parent
5005ff5ab9
commit
8652cb9de3
@ -510,6 +510,10 @@ __PACKAGE__->register_method ({
|
||||
die "checksum mismatch: got '$checksum_got' != expect '$checksum'\n";
|
||||
}
|
||||
}
|
||||
|
||||
if ($content eq 'iso') {
|
||||
PVE::Storage::assert_iso_content($tmpfilename);
|
||||
}
|
||||
};
|
||||
if (my $err = $@) {
|
||||
# unlinks only the temporary file from the http server
|
||||
@ -662,6 +666,14 @@ __PACKAGE__->register_method({
|
||||
$opts->{hash_required} = 1;
|
||||
}
|
||||
|
||||
$opts->{assert_file_validity} = sub {
|
||||
my ($tmp_path) = @_;
|
||||
|
||||
if ($content eq 'iso') {
|
||||
PVE::Storage::assert_iso_content($tmp_path);
|
||||
}
|
||||
};
|
||||
|
||||
my $worker = sub {
|
||||
if ($compression) {
|
||||
die "decompression not supported for $content\n" if $content ne 'iso';
|
||||
|
@ -2196,4 +2196,14 @@ sub get_import_metadata {
|
||||
return $plugin->get_import_metadata($scfg, $volname, $storeid);
|
||||
}
|
||||
|
||||
# dies if the content of the given path is unexpected for an ISO
|
||||
sub assert_iso_content {
|
||||
my ($path) = @_;
|
||||
|
||||
# check for things like backing image
|
||||
file_size_info($path, undef, 1);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
1;
|
||||
|
Loading…
Reference in New Issue
Block a user