From 35afe0cb33c986bf595585a716ff259cf3415a1f Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 16 Nov 2010 12:45:50 +0000 Subject: [PATCH] inspect: Check /etc/lsb-release is not too large before calling head on it. --- src/inspect.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/inspect.c b/src/inspect.c index 9c98869..2006bbd 100644 --- a/src/inspect.c +++ b/src/inspect.c @@ -400,11 +400,26 @@ parse_major_minor (guestfs_h *g, struct inspect_fs *fs) static int parse_lsb_release (guestfs_h *g, struct inspect_fs *fs) { + const char *filename = "/etc/lsb-release"; + int64_t size; char **lines; size_t i; int r = 0; - lines = guestfs_head_n (g, 10, "/etc/lsb-release"); + /* Don't trust guestfs_head_n not to break with very large files. + * Check the file size is something reasonable first. + */ + size = guestfs_filesize (g, filename); + if (size == -1) + /* guestfs_filesize failed and has already set error in handle */ + return -1; + if (size > 1000000) { + error (g, _("size of %s is unreasonably large (%" PRIi64 " bytes)"), + filename, size); + return -1; + } + + lines = guestfs_head_n (g, 10, filename); if (lines == NULL) return -1; -- 1.8.3.1