Comment 19 for bug 1415087
Revision history for this message
| Bastian Blank (waldi) wrote Re: [Bug 1415087] Re: Format-guessing and file disclosure in image convert | #19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
On Fri, Feb 27, 2015 at 04:52:32AM -0000, Tony Breeds wrote:
> @ttx nova is certainly vulnerable in the snapshot case. From what I see
> nova may *also* be vulnerable (at least in theory) when creating
> instances.
I tried that and was unable to get past the initial check. However this
code does a blacklist test instead of a whitelist tests of features the
image may have.
Okay, it parses the output of "qemu-img info", which looks more like it
is created for human, not machine consumption.
Bastian
--
The heart is not a logical organ.
-- Dr. Janet Wallace, "The Deadly Years", stardate 3479.4