[Libguestfs] [PATCH] v2v: tests: avoid '..' in member names for tar

Mon Dec 12 17:28:02 UTC 2016

Very recent versions of tar (most probably as a consequence of
CVE-2016-6321) may refuse archive members with '..', like the relative
paths to upper level directories.

Since these are just tests, simply copy the files in the temporary
directories where tar (or zip as well) is run, so all the files are in
the same directory.
---
 v2v/test-v2v-i-ova-formats.sh   | 9 +++++----
 v2v/test-v2v-i-ova-gz.sh        | 3 ++-
 v2v/test-v2v-i-ova-two-disks.sh | 3 ++-
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/v2v/test-v2v-i-ova-formats.sh b/v2v/test-v2v-i-ova-formats.sh
index d113994..ab15f32 100755
--- a/v2v/test-v2v-i-ova-formats.sh
+++ b/v2v/test-v2v-i-ova-formats.sh
@@ -59,21 +59,22 @@ pushd $d
 truncate -s 10k disk1.vmdk
 sha=`do_sha1 disk1.vmdk`
 echo -e "SHA1(disk1.vmdk)= $sha\r" > disk1.mf
+cp ../test-v2v-i-ova-formats.ovf .
 
 for format in $formats; do
     case "$format" in
         tar)
-            tar -cf test-$format.ova ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
+            tar -cf test-$format.ova test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
             ;;
         zip)
-            zip -r test ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
+            zip -r test test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
             mv test.zip test-$format.ova
             ;;
         tar-gz)
-            tar -czf test-$format.ova ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
+            tar -czf test-$format.ova test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
             ;;
         tar-xz)
-            tar -cJf test-$format.ova ../test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
+            tar -cJf test-$format.ova test-v2v-i-ova-formats.ovf disk1.vmdk disk1.mf
             ;;
         *)
             echo "Unhandled format '$format'"
diff --git a/v2v/test-v2v-i-ova-gz.sh b/v2v/test-v2v-i-ova-gz.sh
index a38e1b4..fe2da03 100755
--- a/v2v/test-v2v-i-ova-gz.sh
+++ b/v2v/test-v2v-i-ova-gz.sh
@@ -46,8 +46,9 @@ truncate -s 10k disk1.vmdk
 gzip disk1.vmdk
 sha=`do_sha1 disk1.vmdk.gz`
 echo -e "SHA1(disk1.vmdk.gz)= $sha\r" > disk1.mf
+cp ../test-v2v-i-ova-gz.ovf .
 
-tar -cf test.ova ../test-v2v-i-ova-gz.ovf disk1.vmdk.gz disk1.mf
+tar -cf test.ova test-v2v-i-ova-gz.ovf disk1.vmdk.gz disk1.mf
 popd
 
 # Run virt-v2v but only as far as the --print-source stage, and
diff --git a/v2v/test-v2v-i-ova-two-disks.sh b/v2v/test-v2v-i-ova-two-disks.sh
index aefd90e..2bd8a26 100755
--- a/v2v/test-v2v-i-ova-two-disks.sh
+++ b/v2v/test-v2v-i-ova-two-disks.sh
@@ -51,8 +51,9 @@ echo -e "SHA1(disk1.vmdk)= $sha\r" > disk1.mf
 truncate -s 100k disk2.vmdk
 sha=`do_sha1 disk2.vmdk`
 echo -e "SHA1(disk2.vmdk)= $sha\r" > disk2.mf
+cp ../test-v2v-i-ova-two-disks.ovf .
 
-tar -cf test.ova ../test-v2v-i-ova-two-disks.ovf disk1.vmdk disk1.mf disk2.vmdk disk2.mf
+tar -cf test.ova test-v2v-i-ova-two-disks.ovf disk1.vmdk disk1.mf disk2.vmdk disk2.mf
 popd
 
 # Run virt-v2v but only as far as the --print-source stage, and
-- 
2.7.4


