X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=src%2Ffilearch.c;h=0ed64257226ec39f78eaafd031c908a939dcfa84;hb=e1c6d1738a2b9123dd08fb4ecff8176daf558f35;hp=35a2ceb1963818624670a95b88e5e8779458eeb7;hpb=a0b4caa0821b759de01361b7019c9c9c9607027d;p=libguestfs.git diff --git a/src/filearch.c b/src/filearch.c index 35a2ceb..0ed6425 100644 --- a/src/filearch.c +++ b/src/filearch.c @@ -26,9 +26,8 @@ #include #include -#ifdef HAVE_PCRE #include -#endif + #ifdef HAVE_LIBMAGIC #include #endif @@ -40,7 +39,7 @@ #include "guestfs-internal-actions.h" #include "guestfs_protocol.h" -#if defined(HAVE_PCRE) && defined(HAVE_LIBMAGIC) +#if defined(HAVE_LIBMAGIC) static pcre *re_file_elf; static pcre *re_elf_ppc64; @@ -147,6 +146,14 @@ cpio_arch (guestfs_h *g, const char *file, const char *path) else method = "cat"; + /* Security: Refuse to download initrd if it is huge. */ + int64_t size = guestfs_filesize (g, path); + if (size == -1 || size > 100000000) { + error (g, _("size of %s unreasonable (%" PRIi64 " bytes)"), + path, size); + goto out; + } + if (mkdtemp (dir) == NULL) { perrorf (g, "mkdtemp"); goto out; @@ -250,12 +257,12 @@ guestfs__file_architecture (guestfs_h *g, const char *path) return ret; /* caller frees */ } -#else /* no PCRE or libmagic at compile time */ +#else /* no libmagic at compile time */ /* XXX Should be an optgroup. */ #define NOT_IMPL(r) \ - error (g, _("file-architecture API not available since this version of libguestfs was compiled without PCRE or libmagic libraries")); \ + error (g, _("file-architecture API not available since this version of libguestfs was compiled without the libmagic library")); \ return r char * @@ -264,4 +271,4 @@ guestfs__file_architecture (guestfs_h *g, const char *path) NOT_IMPL(NULL); } -#endif /* no PCRE or libmagic at compile time */ +#endif /* no libmagic at compile time */