yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2006490] Re: Limit CaptureRegion sizes in format_inspector for VMDK and VHDX

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Abhishek Kekane <2006490@xxxxxxxxxxxxxxxxxx>
Date: Tue, 07 Feb 2023 16:46:43 -0000
Reply-to: Bug 2006490 <2006490@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Fixed in master with,
https://review.opendev.org/c/openstack/glance/+/871831

** Also affects: glance/zed
   Importance: Undecided
       Status: Fix Committed

** Also affects: glance/xena
   Importance: Undecided
       Status: New

** Also affects: glance/yoga
   Importance: Undecided
       Status: New

** Changed in: glance/zed
       Status: Fix Committed => New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/2006490

Title:
  Limit CaptureRegion sizes in format_inspector for VMDK and VHDX

Status in Glance:
  In Progress
Status in Glance xena series:
  New
Status in Glance yoga series:
  New
Status in Glance zed series:
  In Progress

Bug description:
  VMDK:
  When parsing a VMDK file to calculate its size, the format_inspector
  determines the location of the Descriptor section by reading two
  uint64 from the headers of the file and uses them to create the
  descriptor CaptureRegion.

  It would be possible to craft a VMDK file that commands the
  format_inspector to create a very big CaptureRegion, thus exhausting
  resources on the glance-api process.

  VHDX:
  It is a bit more involved, but similar: when looking for the
  VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an
  unbounded CaptureRegion.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/2006490/+subscriptions

References

[Bug 2006490] [NEW] Limit CaptureRegion sizes in format_inspector for VMDK and VHDX
From: Abhishek Kekane, 2023-02-07