From 59a84673079f9763e9507733e308442397aba703 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Wed, 5 Jun 2024 19:56:51 -0400
Subject: [PATCH 3/5] iotests/270: Don't store data-file with json: prefix in
 image

RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 5: EMBARGOED CVE-2024-4467 for rhel-8.10.z (PRDSC)
RH-Jira: RHEL-35616
RH-CVE: CVE-2024-4467
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Commit: [3/5] ac08690fd3ea3af6e24b2f6a8beedcfe469917a8

commit 705bcc2819ce8e0f8b9d660a93bc48de26413aec
Author: Kevin Wolf <kwolf@redhat.com>
Date:   Thu Apr 25 14:49:40 2024 +0200

    iotests/270: Don't store data-file with json: prefix in image

    We want to disable filename parsing for data files because it's too easy
    to abuse in malicious image files. Make the test ready for the change by
    passing the data file explicitly in command line options.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
    Upstream: N/A, embargoed
    Signed-off-by: Hanna Czenczek <hreitz@redhat.com>

Signed-off-by: Jon Maloy <jmaloy@redhat.com>

Upstream-Status: Backport [import from rhel8 qemu-kvm-6.2.0-50.module+el8.10.0+22027+db0a70a4.src.rpm
Upstream commit https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6]
CVE: CVE-2024-4467
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 tests/qemu-iotests/270 | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/270 b/tests/qemu-iotests/270
index 74352342db..c37b674aa2 100755
--- a/tests/qemu-iotests/270
+++ b/tests/qemu-iotests/270
@@ -60,8 +60,16 @@ _make_test_img -o cluster_size=2M,data_file="$TEST_IMG.orig" \
 # "write" 2G of data without using any space.
 # (qemu-img create does not like it, though, because null-co does not
 # support image creation.)
-$QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
-    "$TEST_IMG"
+test_img_with_null_data="json:{
+    'driver': '$IMGFMT',
+    'file': {
+        'filename': '$TEST_IMG'
+    },
+    'data-file': {
+        'driver': 'null-co',
+        'size':'4294967296'
+    }
+}"
 
 # This gives us a range of:
 #   2^31 - 512 + 768 - 1 = 2^31 + 255 > 2^31
@@ -74,7 +82,7 @@ $QEMU_IMG amend -o data_file="json:{'driver':'null-co',,'size':'4294967296'}" \
 # on L2 boundaries, we need large L2 tables; hence the cluster size of
 # 2 MB.  (Anything from 256 kB should work, though, because then one L2
 # table covers 8 GB.)
-$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c "write 768 $((2 ** 31 - 512))" "$test_img_with_null_data" | _filter_qemu_io
 
 _check_test_img
 
-- 
2.39.3