From: Dominik Csapak
To: pve-devel@lists.proxmox.com
Date: Mon, 18 Nov 2024 16:29:19 +0100
Subject: [pve-devel] [PATCH qemu-server v7 5/5] api: check untrusted image files for import content type
Message-Id: <20241118152928.858590-17-d.csapak@proxmox.com>
In-Reply-To: <20241118152928.858590-1-d.csapak@proxmox.com>
List-Id: Proxmox VE development discussion