[Libguestfs] [PATCH 6/8] NFC: Allow multiple config files in inspect_with_augeas in inspect_fs_unix.c
Matthew Booth
mbooth at redhat.com
Thu Nov 24 12:12:35 UTC 2011
On 11/24/2011 12:03 PM, Richard W.M. Jones wrote:
> On Wed, Nov 23, 2011 at 02:00:55PM +0000, Matthew Booth wrote:
>> static int
>> -inspect_with_augeas (guestfs_h *g, struct inspect_fs *fs, const char *filename,
>> +inspect_with_augeas (guestfs_h *g, struct inspect_fs *fs,
>> + const char **configfiles,
>> int (*f) (guestfs_h *, struct inspect_fs *))
>> {
>> - /* Security: Refuse to do this if filename is too large. */
>> - int64_t size = guestfs_filesize (g, filename);
>> - if (size == -1)
>> - /* guestfs_filesize failed and has already set error in handle */
>> - return -1;
>> - if (size> MAX_AUGEAS_FILE_SIZE) {
>> - error (g, _("size of %s is unreasonably large (%" PRIi64 " bytes)"),
>> - filename, size);
>> - return -1;
>> + /* Security: Refuse to do this if a config file is too large. */
>> + for (const char **i = configfiles; *i != NULL; i++) {
>> + if (guestfs_exists(g, *i) == 0) continue;
>> +
>> + int64_t size = guestfs_filesize (g, *i);
>> + if (size == -1)
>> + /* guestfs_filesize failed and has already set error in handle */
>> + return -1;
>> + if (size> MAX_AUGEAS_FILE_SIZE) {
>> + error (g, _("size of %s is unreasonably large (%" PRIi64 " bytes)"),
>> + *i, size);
>> + return -1;
>> + }
>> }
>
> This appears to remove the security check on 'filename' being too
> large.
It checks all files and will return an error if any of them is too large.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
More information about the Libguestfs
mailing list