lxd: Prevent conversion from OVA file format (#13877)

Prevents conversion from OVA file format. On the server side we check whether the file is a tarball when the file is uploaded. To prevent file from being uploaded in the first place, we also use the same check in `lxd-migrate`.
canonical · Aug 5, 2024 · c1e264d · c1e264d
2 parents c795f4d + 5befe3d
commit c1e264d
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 3 deletions.
diff --git a/lxd-migrate/main_migrate.go b/lxd-migrate/main_migrate.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"archive/tar"
 	"bufio"
 	"context"
 	"errors"
@@ -357,11 +358,19 @@ func (c *cmdMigrate) runInteractive(server lxd.InstanceServer) (cmdMigrateData,
 			}
 		}
 
-		_, err := os.Stat(s)
+		file, err := os.Open(s)
 		if err != nil {
 			return err
 		}
 
+		defer file.Close()
+
+		// Ensure the source file is not a tarball.
+		_, err = tar.NewReader(file).Next()
+		if err == nil {
+			return fmt.Errorf("Source cannot be a tar archive or OVA file")
+		}
+
 		return nil
 	})
 	if err != nil {

diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go
@@ -1,6 +1,7 @@
 package storage
 
 import (
+	"archive/tar"
 	"archive/zip"
 	"context"
 	"encoding/json"
@@ -1883,7 +1884,7 @@ func (b *lxdBackend) recvVolumeFiller(conn io.ReadWriteCloser, contentType drive
 			}
 		} else {
 			// Receive block volume.
-			to, err := os.OpenFile(rootBlockPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
+			to, err := os.OpenFile(rootBlockPath, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0600)
 			if err != nil {
 				return -1, fmt.Errorf("Error opening file for writing %q: %w", rootBlockPath, err)
 			}
@@ -1929,6 +1930,18 @@ func (b *lxdBackend) recvBlockVol(toFile *os.File, volName string, conn io.ReadW
 		return fmt.Errorf("Error copying from migration connection to %q: %w", toFile.Name(), err)
 	}
 
+	// Reset the file's read pointer to the beginning, otherwise we cannot read the tar's header.
+	_, err = toFile.Seek(0, io.SeekStart)
+	if err != nil {
+		return err
+	}
+
+	// Ensure that the received file is not a tarball, which is also the case for OVA format.
+	_, err = tar.NewReader(toFile).Next()
+	if err == nil {
+		return fmt.Errorf("Instance cannot be imported from a tar archive or OVA file")
+	}
+
 	return toFile.Close()
 }
 
@@ -2469,7 +2482,7 @@ func (b *lxdBackend) CreateInstanceFromConversion(inst instance.Instance, conn i
 		imgPath := filepath.Join(shared.VarPath("backups"), conversionID)
 
 		// Create new file in backups directory.
-		to, err := os.OpenFile(imgPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
+		to, err := os.OpenFile(imgPath, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0600)
 		if err != nil {
 			return fmt.Errorf("Error opening file for writing %q: %w", imgPath, err)
 		}