* All "qemu-img info" calls are now run under resource limitations
that limit CPU time to 2 seconds and address space usage to 1 GB.
This helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that
it does not have to be inferred by qemu-img.
SecurityImpact
Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
Closes-Bug: #1449062
(cherry picked from commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f)
Reviewed: https://review.openstack.org/377736
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=c90830d71969f68768d898c1c178489f602214e2
Submitter: Jenkins
Branch: stable/mitaka
commit c90830d71969f68768d898c1c178489f602214e2
Author: Hemanth Makkapati <email address hidden>
Date: Fri Sep 23 09:29:12 2016 -0500
Adding constraints around qemu-img calls
* All "qemu-img info" calls are now run under resource limitations
that limit CPU time to 2 seconds and address space usage to 1 GB.
This helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that
it does not have to be inferred by qemu-img.
SecurityImpact
Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
Closes-Bug: #1449062
(cherry picked from commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f)
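
The two measures named in the commit messages above, sketched with only the Python standard library. This is an added example, not Glance's code: the helper names and the format allow-list are assumptions, while the 2-second and 1 GB figures come from the commit message.

```python
import resource
import signal
import subprocess

CPU_SECONDS = 2              # CPU-time limit stated in the commit message
ADDRESS_SPACE = 1024 ** 3    # 1 GB address-space limit from the commit message
# Assumed allow-list of source formats; not taken from the page.
ALLOWED_FORMATS = {"raw", "qcow2", "vmdk", "vdi"}


def run_limited(cmd, cpu_seconds=CPU_SECONDS, address_space=ADDRESS_SPACE):
    """Run cmd (argv list, no shell) with RLIMIT_CPU and RLIMIT_AS applied."""
    def set_limits():
        # Runs in the child between fork and exec, so only the child is capped.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_AS, (address_space, address_space))
    return subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          preexec_fn=set_limits, check=False)


def killed_by_cpu_limit(result):
    """True if the child ended on SIGXCPU or SIGKILL, sent at the CPU limit."""
    return result.returncode in (-signal.SIGXCPU, -signal.SIGKILL)


def info_cmd(path):
    """argv for inspecting an untrusted image; run it through run_limited()."""
    return ["qemu-img", "info", "--output=json", path]


def convert_cmd(src, dst, src_format, dst_format="raw"):
    """argv for convert with the source format given explicitly via -f."""
    if src_format not in ALLOWED_FORMATS:
        raise ValueError("unexpected source format: %r" % (src_format,))
    return ["qemu-img", "convert", "-f", src_format, "-O", dst_format, src, dst]


if __name__ == "__main__":
    import sys
    # Constructed stand-in for a hostile image: a child that never finishes.
    spin = run_limited([sys.executable, "-c", "while True: pass"])
    print("terminated by limit:", killed_by_cpu_limit(spin))
    print(convert_cmd("upload.img", "upload.raw", "qcow2"))
```

A caller treats a limit-terminated `qemu-img info` as a rejected image and does not retry it with larger limits.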