X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=src%2Ffilearch.c;h=14c7c02741edf66c74eb3894263726ec184b6ebf;hp=35a2ceb1963818624670a95b88e5e8779458eeb7;hb=47af6aaab8f2dde736951b4e549c2638d942dae5;hpb=a0b4caa0821b759de01361b7019c9c9c9607027d

diff --git a/src/filearch.c b/src/filearch.c
index 35a2ceb..14c7c02 100644
--- a/src/filearch.c
+++ b/src/filearch.c
@@ -147,6 +147,14 @@ cpio_arch (guestfs_h *g, const char *file, const char *path)
   else
     method = "cat";
 
+  /* Security: Refuse to download initrd if it is huge. */
+  int64_t size = guestfs_filesize (g, path);
+  if (size == -1 || size > 100000000) {
+    error (g, _("size of %s unreasonable (%" PRIi64 " bytes)"),
+           path, size);
+    goto out;
+  }
+
   if (mkdtemp (dir) == NULL) {
     perrorf (g, "mkdtemp");
     goto out;