mirror of
git://git.proxmox.com/git/qemu-server.git
synced 2025-01-03 01:17:58 +03:00
remote migration: fix online migration via API clients
As reported in the community forum [0], when a remote migration request comes in via an API client, the -T flag for Perl is set, so an insecure dependency in a call like unlink() in forward_unix_socket() will fail with: > failed to write forwarding command - Insecure dependency in unlink while running with -T switch To fix it, untaint the problematic socket addresses coming from the remote side. Require that all sockets are below '/run/qemu-server/' and end with '.migrate' with the main socket being matched more strictly. This allows extensions in the future while still being quite strict. [0]: https://forum.proxmox.com/threads/123048/post-691958 Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This commit is contained in:
parent
00d68b8d1a
commit
ea4c1ccb2c
@ -1095,7 +1095,9 @@ sub phase2 {
|
||||
die "only UNIX sockets are supported for remote migration\n"
|
||||
if $tunnel_info->{proto} ne 'unix';
|
||||
|
||||
my $remote_socket = $tunnel_info->{addr};
|
||||
# untaint
|
||||
my ($remote_socket) = $tunnel_info->{addr} =~ m|^(/run/qemu-server/\d+\.migrate)$|
|
||||
or die "unexpected socket address '$tunnel_info->{addr}'\n";
|
||||
my $local_socket = $remote_socket;
|
||||
$local_socket =~ s/$remote_vmid/$vmid/g;
|
||||
$tunnel_info->{addr} = $local_socket;
|
||||
@ -1104,6 +1106,9 @@ sub phase2 {
|
||||
PVE::Tunnel::forward_unix_socket($self->{tunnel}, $local_socket, $remote_socket);
|
||||
|
||||
foreach my $remote_socket (@{$tunnel_info->{unix_sockets}}) {
|
||||
# untaint
|
||||
($remote_socket) = $remote_socket =~ m|^(/run/qemu-server/(?:(?!\.\./).)+\.migrate)$|
|
||||
or die "unexpected socket address '$remote_socket'\n";
|
||||
my $local_socket = $remote_socket;
|
||||
$local_socket =~ s/$remote_vmid/$vmid/g;
|
||||
next if $self->{tunnel}->{forwarded}->{$local_socket};
|
||||
|
Loading…
Reference in New Issue
Block a user