Suggested-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
Signed-off-by: Fiona Ebner <f.eb...@proxmox.com>
---

No changes in v4.

NOTE: actual checking being done depends on Fabian's hardening patches:
https://lore.proxmox.com/pve-devel/20241104104221.228730-1-f.gruenbich...@proxmox.com/

 PVE/QemuServer.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 8beb8940..3f0e06a7 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -7388,6 +7388,12 @@ sub restore_external_archive {
                $backup_provider->restore_vm_volume_init($volname, $storeid, 
$d->{devname}, {});
            my $source_path = $info->{'qemu-img-path'}
                or die "did not get source image path from backup provider\n";
+
+           print "importing drive '$d->{devname}' from '$source_path'\n";
+
+           # safety check for untrusted source image
+           PVE::Storage::file_size_info($source_path, undef, 1);
+
            eval {
                qemu_img_convert(
                    $source_path, $d->{volid}, $d->{size}, undef, 0, 
$options->{bwlimit});
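Review bot: The return value of the added `PVE::Storage::file_size_info($source_path, undef, 1);` call is discarded, so this check only protects the following `qemu_img_convert` if `file_size_info` dies on an image it rejects. The comment should say so, and should say what the literal `1` in the third argument selects, since neither is visible at the call site and the note above the diffstat says the actual checking depends on a separate series. Something like `# dies if the untrusted image fails the checks` would make the reliance explicit. The call also sits before the `eval {` block, so a die here propagates without passing through that eval's error handling, although `restore_vm_volume_init` has already run for this volume. Please confirm the outer caller performs the provider-side and target-volume cleanup in that case, or move the check inside the eval. Minor: the new `print` interpolates `$source_path`, which comes from the backup provider, directly into the task log. That is fine if the path is considered trusted for display, but worth a conscious decision given that the image it points to is treated as untrusted.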
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
