[Libguestfs] [PATCH] v2v: tests: avoid '..' in member names for tar
Richard W.M. Jones
rjones at redhat.com
Mon Dec 12 19:33:54 UTC 2016
On Mon, Dec 12, 2016 at 06:28:02PM +0100, Pino Toscano wrote:
> Very recent versions of tar (most probably as a consequence of
> CVE-2016-6321) may refuse archive members with '..', like the relative
> paths to upper level directories.
>
> Since these are just tests, simply copy the files in the temporary
> directories where tar (or zip as well) is run, so all the files are in
> the same directory.
> ---
> v2v/test-v2v-i-ova-formats.sh | 9 +++++----
> v2v/test-v2v-i-ova-gz.sh | 3 ++-
> v2v/test-v2v-i-ova-two-disks.sh | 3 ++-
> 3 files changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/v2v/test-v2v-i-ova-formats.sh b/v2v/test-v2v-i-ova-formats.sh
> index d113994..ab15f32 100755
> --- a/v2v/test-v2v-i-ova-formats.sh
> +++ b/v2v/test-v2v-i-ova-formats.sh
> @@ -59,21 +59,22 @@ pushd $d
> truncate -s 10k disk1.vmdk
> sha=`do_sha1 disk1.vmdk`
> echo -e "SHA1(disk1.vmdk)= $sha\r" > disk1.mf
> +cp ../test-v2v-i-ova-formats.ovf .
>
> for format in $formats; do
> case "$format" in
> tar)
> - tar -cf test-$format.ova ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> + tar -cf test-$format.ova test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> ;;
> zip)
> - zip -r test ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> + zip -r test test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> mv test.zip test-$format.ova
> ;;
> tar-gz)
> - tar -czf test-$format.ova ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> + tar -czf test-$format.ova test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> ;;
> tar-xz)
> - tar -cJf test-$format.ova ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> + tar -cJf test-$format.ova test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
> ;;
> *)
> echo "Unhandled format '$format'"
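Review bot: the added `cp ../test-v2v-i-ova-formats.ovf .` still assumes that the directory entered by `pushd $d` sits exactly one level below the directory holding the .ovf, and the file name is now spelled out in five places (the cp plus the tar, zip, tar-gz and tar-xz branches). Consider setting the name once in a variable before the loop so the copy and the four archive commands cannot drift apart. The zip branch is changed only for consistency, as the commit message says, which is fine.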
> diff --git a/v2v/test-v2v-i-ova-gz.sh b/v2v/test-v2v-i-ova-gz.sh
> index a38e1b4..fe2da03 100755
> --- a/v2v/test-v2v-i-ova-gz.sh
> +++ b/v2v/test-v2v-i-ova-gz.sh
> @@ -46,8 +46,9 @@ truncate -s 10k disk1.vmdk
> gzip disk1.vmdk
> sha=`do_sha1 disk1.vmdk.gz`
> echo -e "SHA1(disk1.vmdk.gz)= $sha\r" > disk1.mf
> +cp ../test-v2v-i-ova-gz.ovf .
>
> -tar -cf test.ova ../test-v2v-i-ova-gz.ovf disk1.vmdk.gz disk1.mf
> +tar -cf test.ova test-v2v-i-ova-gz.ovf disk1.vmdk.gz disk1.mf
> popd
>
> # Run virt-v2v but only as far as the --print-source stage, and
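Review bot: missing documentation on the added `cp ../test-v2v-i-ova-gz.ovf .`: nothing in the script says why the .ovf is copied instead of being referenced in place, so a later cleanup could reintroduce the `../` path. A one-line comment above the cp, stating that tar may refuse member names containing '..', would keep the reason next to the code.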
> diff --git a/v2v/test-v2v-i-ova-two-disks.sh b/v2v/test-v2v-i-ova-two-disks.sh
> index aefd90e..2bd8a26 100755
> --- a/v2v/test-v2v-i-ova-two-disks.sh
> +++ b/v2v/test-v2v-i-ova-two-disks.sh
> @@ -51,8 +51,9 @@ echo -e "SHA1(disk1.vmdk)= $sha\r" > disk1.mf
> truncate -s 100k disk2.vmdk
> sha=`do_sha1 disk2.vmdk`
> echo -e "SHA1(disk2.vmdk)= $sha\r" > disk2.mf
> +cp ../test-v2v-i-ova-two-disks.ovf .
>
> -tar -cf test.ova ../test-v2v-i-ova-two-disks.ovf disk1.vmdk disk1.mf disk2.vmdk disk2.mf
> +tar -cf test.ova test-v2v-i-ova-two-disks.ovf disk1.vmdk disk1.mf disk2.vmdk disk2.mf
> popd
>
> # Run virt-v2v but only as far as the --print-source stage, and
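Review bot: the `cp ../test-v2v-i-ova-two-disks.ovf .` added before the tar line has no visible failure handling. If the script is not running under `set -e` (not visible in this hunk), a failed copy would only surface as a tar error about a missing file on the following line; appending `|| exit 1` to the cp, or confirming that `set -e` is in effect, would make the failure point at the right command.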
> --
> 2.7.4
Weird breakage in tar, but ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top