Sanitize EC2 manifests and image tarballs

Prevent potential directory traversal with malicious EC2 image tarballs, by making sure the tarfile is safe before unpacking it. Fixes bug 894755 Prevent potential directory traversal with malicious file names in EC2 image manifests. Fixes bug 885167 Change-Id: If6109047307bd6e654ee9d1254f0d7f31cf741c1
author: Thierry Carrez <thierry@openstack.org> 2011-12-01 17:54:16 +0100
committer: Thierry Carrez <thierry@openstack.org> 2011-12-13 16:00:41 +0100
commit: ad3241929ea00569c74505ed002208ce360c667e (patch)
tree: 65899f31be605276b4dca6b867452cbd981f3cf3 /MANIFEST.in
parent: 1c0859283f4e497cc9abea06039f5595406208ef (diff)
download: nova-ad3241929ea00569c74505ed002208ce360c667e.tar.gz
nova-ad3241929ea00569c74505ed002208ce360c667e.tar.xz
nova-ad3241929ea00569c74505ed002208ce360c667e.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/MANIFEST.in b/MANIFEST.in
index b10dafc7b..2a947f823 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -37,6 +37,7 @@ include nova/tests/bundle/1mb.part.0
 include nova/tests/bundle/1mb.part.1
 include nova/tests/api/ec2/public_key/*
 include nova/tests/db/nova.austin.sqlite
+include nova/tests/image/*.tar.gz
 include plugins/xenapi/README
 include plugins/xenapi/etc/xapi.d/plugins/objectstore
 include plugins/xenapi/etc/xapi.d/plugins/pluginlib_nova.py
author	Thierry Carrez <thierry@openstack.org>	2011-12-01 17:54:16 +0100
committer	Thierry Carrez <thierry@openstack.org>	2011-12-13 16:00:41 +0100
commit	ad3241929ea00569c74505ed002208ce360c667e (patch)
tree	65899f31be605276b4dca6b867452cbd981f3cf3 /MANIFEST.in
parent	1c0859283f4e497cc9abea06039f5595406208ef (diff)
download	nova-ad3241929ea00569c74505ed002208ce360c667e.tar.gz nova-ad3241929ea00569c74505ed002208ce360c667e.tar.xz nova-ad3241929ea00569c74505ed002208ce360c667e.zip