From: Richard W.M. Jones <rjones@redhat.com>
Date: Tue, 16 Nov 2010 12:45:50 +0000 (+0000)
Subject: inspect: Check /etc/lsb-release is not too large before calling head on it.
X-Git-Tag: 1.7.9~8
X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=commitdiff_plain;h=35afe0cb33c986bf595585a716ff259cf3415a1f

inspect: Check /etc/lsb-release is not too large before calling head on it.
---

diff --git a/src/inspect.c b/src/inspect.c
index 9c98869..2006bbd 100644
--- a/src/inspect.c
+++ b/src/inspect.c
@@ -400,11 +400,26 @@ parse_major_minor (guestfs_h *g, struct inspect_fs *fs)
 static int
 parse_lsb_release (guestfs_h *g, struct inspect_fs *fs)
 {
+  const char *filename = "/etc/lsb-release";
+  int64_t size;
   char **lines;
   size_t i;
   int r = 0;
 
-  lines = guestfs_head_n (g, 10, "/etc/lsb-release");
+  /* Don't trust guestfs_head_n not to break with very large files.
+   * Check the file size is something reasonable first.
+   */
+  size = guestfs_filesize (g, filename);
+  if (size == -1)
+    /* guestfs_filesize failed and has already set error in handle */
+    return -1;
+  if (size > 1000000) {
+    error (g, _("size of %s is unreasonably large (%" PRIi64 " bytes)"),
+           filename, size);
+    return -1;
+  }
+
+  lines = guestfs_head_n (g, 10, filename);
   if (lines == NULL)
     return -1;