filearch: Refuse to download initrd if it is huge.
authorRichard W.M. Jones <rjones@redhat.com>
Sat, 13 Nov 2010 14:58:50 +0000 (14:58 +0000)
committerRichard W.M. Jones <rjones@redhat.com>
Thu, 18 Nov 2010 11:55:21 +0000 (11:55 +0000)
(cherry picked from commit b943d06466724df39b7261ce75e43b0201ed7372)

src/filearch.c

index 35a2ceb..14c7c02 100644 (file)
@@ -147,6 +147,14 @@ cpio_arch (guestfs_h *g, const char *file, const char *path)
   else
     method = "cat";
 
+  /* Security: Refuse to download initrd if it is huge. */
+  int64_t size = guestfs_filesize (g, path);
+  if (size == -1 || size > 100000000) {
+    error (g, _("size of %s unreasonable (%" PRIi64 " bytes)"),
+           path, size);
+    goto out;
+  }
+
   if (mkdtemp (dir) == NULL) {
     perrorf (g, "mkdtemp");
     goto out;