Sanitize EC2 manifests and image tarballs

Prevent potential directory traversal with malicious EC2 image tarballs,
by making sure the tarfile is safe before unpacking it. Fixes bug 894755

Prevent potential directory traversal with malicious file names in
EC2 image manifests. Fixes bug 885167

Change-Id: If6109047307bd6e654ee9d1254f0d7f31cf741c1

3 files changed, 10 insertions, 0 deletions

diff --git a/nova/tests/image/abs.tar.gz b/nova/tests/image/abs.tar.gz
new file mode 100644
index 000000000..4d3950734
--- /dev/null
+++ b/nova/tests/image/abs.tar.gz
diff --git a/nova/tests/image/rel.tar.gz b/nova/tests/image/rel.tar.gz
new file mode 100644
index 000000000..b54f55aa7
--- /dev/null
+++ b/nova/tests/image/rel.tar.gz
diff --git a/nova/tests/image/test_s3.py b/nova/tests/image/test_s3.py
index 02f66fce1..2a9d279f4 100644
--- a/nova/tests/image/test_s3.py
+++ b/nova/tests/image/test_s3.py
@@ -15,6 +15,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import os
+
 from nova import context
 import nova.db.api
 from nova import exception
@@ -130,3 +132,11 @@ class TestS3ImageService(test.TestCase):
             {'device_name': '/dev/sdb0',
              'no_device': True}]
         self.assertEqual(block_device_mapping, expected_bdm)
+
+    def test_s3_malicious_tarballs(self):
+        self.assertRaises(exception.Error,
+            self.image_service._test_for_malicious_tarball,
+            "/unused", os.path.join(os.path.dirname(__file__), 'abs.tar.gz'))
+        self.assertRaises(exception.Error,
+            self.image_service._test_for_malicious_tarball,
+            "/unused", os.path.join(os.path.dirname(__file__), 'rel.tar.gz'))