>From 087d9618fd2cb814a351028507c6c6f56aa493fc Mon Sep 17 00:00:00 2001 From: Richard W.M. Jones Date: Fri, 22 Oct 2010 10:59:53 +0100 Subject: [PATCH 5/8] tools: Specify format of disks (RHBZ#642934,CVE-2010-3851). Sys::Guestfs::Lib is changed in two ways: firstly we take the format string from libvirt and pass it to add_drive_opts. Secondly we allow an extra format => parameter to open_guest which allows the format to be specified for disk images. All the tools are changed to add an extra --format parameter allowing the format to be specified for direct disk images. --- inspector/virt-inspector | 29 ++++++++++++++++++-- perl/lib/Sys/Guestfs/Lib.pm | 61 ++++++++++++++++++++++++++----------------- tools/virt-cat | 22 ++++++++++++++- tools/virt-edit | 22 ++++++++++++++- tools/virt-list-filesystems | 22 ++++++++++++++- tools/virt-list-partitions | 22 ++++++++++++++- tools/virt-ls | 22 ++++++++++++++- tools/virt-rescue | 19 +++++++++++++ tools/virt-tar | 19 +++++++++++++ tools/virt-win-reg | 19 +++++++++++++ 10 files changed, 220 insertions(+), 37 deletions(-) diff --git a/inspector/virt-inspector b/inspector/virt-inspector index bfaa50e..36fbfa9 100755 --- a/inspector/virt-inspector +++ b/inspector/virt-inspector @@ -107,6 +107,23 @@ then libvirt is not used at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $output = "text"; =back @@ -178,6 +195,7 @@ parse information out of the Registry for any Windows guest. GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, "text" => sub { $output = "text" }, "none" => sub { $output = "none" }, "xml" => sub { $output = "xml" }, @@ -214,11 +232,11 @@ my @images; if ($uri) { my ($conn, $dom); ($g, $conn, $dom, @images) = - open_guest (\@ARGV, rw => $rw, address => $uri); + open_guest (\@ARGV, rw => $rw, address => $uri, format => $format); } else { my ($conn, $dom); ($g, $conn, $dom, @images) = - open_guest (\@ARGV, rw => $rw); + open_guest (\@ARGV, rw => $rw, format => $format); } $g->launch (); @@ -308,7 +326,12 @@ if ($output eq "fish" || $output eq "ro-fish") { } foreach (@images) { - printf "-a %s ", shell_quote ($_); + unless (defined $_->[1]) { + printf "-a %s ", shell_quote ($_->[0]); + } else { + printf "--format %s -a %s ", + shell_quote ($_->[1]), shell_quote ($_->[0]); + } } my $mounts = $oses->{$root_dev}->{mounts}; diff --git a/perl/lib/Sys/Guestfs/Lib.pm b/perl/lib/Sys/Guestfs/Lib.pm index bb97506..2292839 100644 --- a/perl/lib/Sys/Guestfs/Lib.pm +++ b/perl/lib/Sys/Guestfs/Lib.pm @@ -88,7 +88,7 @@ use vars qw(@EXPORT_OK @ISA); $g = open_guest ($name, address => $uri, ...); - $g = open_guest ([$img1, $img2, ...], address => $uri, ...); + $g = open_guest ([$img1, $img2, ...], address => $uri, format => $format, ...); ($g, $conn, $dom, @images) = open_guest ($name); @@ -103,7 +103,8 @@ block. The first parameter is either a string referring to a libvirt domain or a disk image, or (if a guest has several disk images) an arrayref -C<[$img1, $img2, ...]>. +C<[$img1, $img2, ...]>. For disk images, if the C parameter +is specified then that format is forced. The handle is I by default. Use the optional parameter C 1> to open a read-write handle. However if you open a @@ -120,16 +121,16 @@ The implicit libvirt handle is closed after this function, I you call the function in C context, in which case the function returns a tuple of: the open libguestfs handle, the open libvirt handle, and the open libvirt domain handle, and a list of -images. (This is useful if you want to do other things like pulling -the XML description of the guest). Note that if this is a straight -disk image, then C<$conn> and C<$dom> will be C. +[image,format] pairs. (This is useful if you want to do other things +like pulling the XML description of the guest). Note that if this is +a straight disk image, then C<$conn> and C<$dom> will be C. If the C module is not available, then libvirt is bypassed, and this function can only open disk images. -The optional C parameter can be used to open devices with -C. See -L for more details. +The optional C parameter can be used to open devices with a +specified qemu interface. See L +for more details. =cut @@ -142,6 +143,7 @@ sub open_guest my $rw = $params{rw}; my $address = $params{address}; my $interface = $params{interface}; + my $format = $params{format}; # undef == autodetect my @images = (); if (ref ($first) eq "ARRAY") { @@ -167,6 +169,8 @@ sub open_guest imagename => $_) unless -r $_; } + + @images = map { [ $_, $format ] } @images; } else { die __"open_guest: no libvirt support (install Sys::Virt, XML::XPath and XML::XPath::XMLParser)" unless exists $INC{"Sys/Virt.pm"} && @@ -211,32 +215,41 @@ sub open_guest my $xml = $dom->get_xml_description (); my $p = XML::XPath->new (xml => $xml); - my @disks = $p->findnodes ('//devices/disk/source/@dev'); - push (@disks, $p->findnodes ('//devices/disk/source/@file')); + my $nodes = $p->find ('//devices/disk'); + + my @disks = (); + my $node; + foreach $node ($nodes->get_nodelist) { + # The filename can be in dev or file attribute, hence: + my $filename = $p->find ('./source/@dev', $node); + unless ($filename) { + $filename = $p->find ('./source/@file', $node); + next unless $filename; + } + $filename = $filename->to_literal; + + # Get the disk format (may not be set). + my $format = $p->find ('./driver/@type', $node); + $format = $format->to_literal if $format; + + push @disks, [ $filename, $format ]; + } die __x("{imagename} seems to have no disk devices\n", imagename => $images[0]) unless @disks; - @images = map { $_->getData } @disks; + @images = @disks; } # We've now got the list of @images, so feed them to libguestfs. my $g = Sys::Guestfs->new (); foreach (@images) { - if ($rw) { - if ($interface) { - $g->add_drive_with_if ($_, $interface); - } else { - $g->add_drive ($_); - } - } else { - if ($interface) { - $g->add_drive_ro_with_if ($_, $interface); - } else { - $g->add_drive_ro ($_); - } - } + my @args = ($_->[0]); + push @args, format => $_->[1] if defined $_->[1]; + push @args, readonly => 1 unless $rw; + push @args, iface => $interface if defined $interface; + $g->add_drive_opts (@args); } return wantarray ? ($g, $conn, $dom, @images) : $g diff --git a/tools/virt-cat b/tools/virt-cat index 67506c0..66806a1 100755 --- a/tools/virt-cat +++ b/tools/virt-cat @@ -109,6 +109,23 @@ connect to the default libvirt hypervisor. If you specify guest block devices directly, then libvirt is not used at all. +=cut + +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + =back =cut @@ -116,6 +133,7 @@ at all. GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, ) or pod2usage (2); pod2usage (1) if $help; if ($version) { @@ -132,9 +150,9 @@ my $filename = pop @ARGV; my $g; if ($uri) { - $g = open_guest (\@ARGV, address => $uri); + $g = open_guest (\@ARGV, address => $uri, format => $format); } else { - $g = open_guest (\@ARGV); + $g = open_guest (\@ARGV, format => $format); } $g->launch (); diff --git a/tools/virt-edit b/tools/virt-edit index 59b5b2b..887ef4b 100755 --- a/tools/virt-edit +++ b/tools/virt-edit @@ -120,6 +120,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $expr; =item B<--expr EXPR> | B<-e EXPR> @@ -138,6 +155,7 @@ being altered by the shell. GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, "expr|e=s" => \$expr, "backup|b=s" => \$backup, ) or pod2usage (2); @@ -156,9 +174,9 @@ my $filename = pop @ARGV; my $g; if ($uri) { - $g = open_guest (\@ARGV, address => $uri, rw => 1); + $g = open_guest (\@ARGV, address => $uri, rw => 1, format => $format); } else { - $g = open_guest (\@ARGV, rw => 1); + $g = open_guest (\@ARGV, rw => 1, format => $format); } $g->launch (); diff --git a/tools/virt-list-filesystems b/tools/virt-list-filesystems index 7b4d5ad..5f545cf 100755 --- a/tools/virt-list-filesystems +++ b/tools/virt-list-filesystems @@ -81,6 +81,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $long; =item B<-l> | B<--long> @@ -107,6 +124,7 @@ Getopt::Long::Configure ("bundling"); GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, "long|l" => \$long, "all|a" => \$all, ) or pod2usage (2); @@ -123,9 +141,9 @@ pod2usage (__"virt-list-filesystems: no image or VM name given") my $g; if ($uri) { - $g = open_guest (\@ARGV, address => $uri); + $g = open_guest (\@ARGV, address => $uri, format => $format); } else { - $g = open_guest (\@ARGV); + $g = open_guest (\@ARGV, format => $format); } $g->launch (); diff --git a/tools/virt-list-partitions b/tools/virt-list-partitions index 0edecc4..53059b4 100755 --- a/tools/virt-list-partitions +++ b/tools/virt-list-partitions @@ -82,6 +82,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $human; =item B<-h> | B<--human-readable> @@ -116,6 +133,7 @@ Getopt::Long::Configure ("bundling"); GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, "human-readable|h" => \$human, "long|l" => \$long, "total|t" => \$total, @@ -133,9 +151,9 @@ pod2usage (__"virt-list-partitions: no image or VM name given") my $g; if ($uri) { - $g = open_guest (\@ARGV, address => $uri); + $g = open_guest (\@ARGV, address => $uri, format => $format); } else { - $g = open_guest (\@ARGV); + $g = open_guest (\@ARGV, format => $format); } $g->launch (); diff --git a/tools/virt-ls b/tools/virt-ls index 9271a91..f0ac3f3 100755 --- a/tools/virt-ls +++ b/tools/virt-ls @@ -110,6 +110,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $mode; =item B<-l> | B<--long> @@ -147,6 +164,7 @@ sub set_mode_R GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, "long|l" => \&set_mode_l, "recursive|R" => \&set_mode_R, ) or pod2usage (2); @@ -165,9 +183,9 @@ my $directory = pop @ARGV; my $g; if ($uri) { - $g = open_guest (\@ARGV, address => $uri); + $g = open_guest (\@ARGV, address => $uri, format => $format); } else { - $g = open_guest (\@ARGV); + $g = open_guest (\@ARGV, format => $format); } $g->launch (); diff --git a/tools/virt-rescue b/tools/virt-rescue index b8902a5..40245c7 100755 --- a/tools/virt-rescue +++ b/tools/virt-rescue @@ -142,6 +142,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $memsize; =item B<--memsize MB> | B<-m MB> @@ -180,6 +197,7 @@ GetOptions ("help|?" => \$help, "version" => \$version, "append=s" => \$append, "connect|c=s" => \$uri, + "format=s" => \$format, "memsize|m=i" => \$memsize, "ro|r" => \$readonly, "selinux" => \$selinux, @@ -198,6 +216,7 @@ pod2usage (__"virt-rescue: no image or VM names rescue given") my @args = (\@ARGV); push @args, address => $uri if $uri; push @args, rw => 1 unless $readonly; +push @args, format => $format if defined $format; my $g = open_guest (@args); # Setting "direct mode" is required for the rescue appliance. diff --git a/tools/virt-tar b/tools/virt-tar index 5e6e95a..ea33fcf 100755 --- a/tools/virt-tar +++ b/tools/virt-tar @@ -130,6 +130,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $mode; =item B<-x> | B<--extract> | B<--download> @@ -175,6 +192,7 @@ Getopt::Long::Configure ("bundling"); GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, + "format=s" => \$format, "extract|download|x" => \&set_mode_x, "upload|u" => \&set_mode_u, "gzip|z" => \$gzip, @@ -211,6 +229,7 @@ die __x("virt-tar: {dir}: directory name must start with '/' character\n", my @args = (\@ARGV); push @args, address => $uri if $uri; push @args, rw => 1 if $mode eq "u"; +push @args, format => $format if defined $format; my $g = open_guest (@args); $g->launch (); diff --git a/tools/virt-win-reg b/tools/virt-win-reg index 16688f4..ed298fb 100755 --- a/tools/virt-win-reg +++ b/tools/virt-win-reg @@ -211,6 +211,23 @@ at all. =cut +my $format; + +=item B<--format> raw + +Specify the format of disk images given on the command line. If this +is omitted then the format is autodetected from the content of the +disk image. + +If disk images are requested from libvirt, then this program asks +libvirt for this information. In this case, the value of the format +parameter is ignored. + +If working with untrusted raw-format guest disk images, you should +ensure the format is always specified. + +=cut + my $merge; =item B<--merge> @@ -244,6 +261,7 @@ GetOptions ("help|?" => \$help, "version" => \$version, "connect|c=s" => \$uri, "debug|d" => \$debug, + "format=s" => \$format, "merge" => \$merge, "encoding=s" => \$encoding, ) or pod2usage (2); @@ -264,6 +282,7 @@ warn "launching libguestfs ..." if $debug; my @lib_args = ([$domname_or_image]); push @lib_args, address => $uri if $uri; push @lib_args, rw => 1 if $merge; +push @lib_args, format => $format if defined $format; my $g = open_guest (@lib_args); $g->launch (); -- 1.7.3.1