lib: create: Allow any [[:alnum:]]+ string as a backingfmt parameter (RHBZ#1459979).

If you use the libguestfs tools which open disk images read-only
(eg. virt-df), with formats such as 'vdi', then you will see an error:

  error: invalid value for backingformat parameter 'vdi'

This is because opening a disk image read-only will try to create a
qcow2 file with the original image as a backing file.  However the
list of permitted backing formats was very restrictive and did not
include 'vdi' (nor many other uncommon formats).

Instead of using a whitelist for backing formats, just validate that
the string is alphanumeric and short.

Thanks: Mike Goodwin for reporting the bug.
Richard W.M. Jones
2017-06-08 08:16:04 +01:00
parent 0b8556695f
commit 5856323e6f

@@ -241,6 +241,14 @@ is_power_of_2 (unsigned v)
return v && ((v & (v - 1)) == 0);
}
/**
* Check for valid backing format. Allow any C<^[[:alnum]]+$>
* (in C locale), but limit the length to something reasonable.
*/
#define VALID_FORMAT(format) \
guestfs_int_string_is_valid ((format), 1, 16, \
VALID_FLAG_ALPHA|VALID_FLAG_DIGIT, "")
static int
disk_create_qcow2 (guestfs_h *g, const char *orig_filename, int64_t size,
const char *backingfile,
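Review bot: The doc comment above VALID_FORMAT gives the pattern as C<^[[:alnum]]+$>, which is missing the colon that closes the character class; it should read C<^[[:alnum:]]+$>, as in the commit subject. The bounds 1 and 16 are also bare literals inside the macro: a named constant, or a short remark in the comment on why 16 is enough for any format name, would make the limit easier to revisit later. Since the comment states the pattern as a regular expression while the check is built from VALID_FLAG_ALPHA|VALID_FLAG_DIGIT, it would help to say explicitly that only ASCII letters and digits are accepted, so nobody widens the flags without noticing that this string is a caller-supplied parameter.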
@@ -267,12 +275,7 @@ disk_create_qcow2 (guestfs_h *g, const char *orig_filename, int64_t size,
if (optargs->bitmask & GUESTFS_DISK_CREATE_BACKINGFORMAT_BITMASK) {
backingformat = optargs->backingformat;
/* Conservative whitelist. This can be extended with other
* valid formats as required.
*/
if (STRNEQ (backingformat, "raw") &&
STRNEQ (backingformat, "qcow2") &&
STRNEQ (backingformat, "vmdk")) {
if (!VALID_FORMAT (backingformat)) {
error (g, _("invalid value for backingformat parameter %s"),
backingformat);
return -1;
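Review bot: With the fixed list in disk_create_qcow2 replaced by VALID_FORMAT (backingformat), any alphanumeric string of 1 to 16 characters now passes this check, including names that are not real formats, so a misspelled backingformat is no longer rejected here and its failure moves to whatever consumes the value later. Please confirm that the later failure still produces a clear error for the caller, and add a regression test that accepts 'vdi' and rejects an empty value, a 17-character value, and a value containing a non-alphanumeric character. Separately, the error string prints the rejected value with a bare %s, while the message quoted in the commit description shows it in single quotes; using '%s' would keep the two consistent and make an empty or odd value visible in the output.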