[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH 6/8] NFC: Allow multiple config files in inspect_with_augeas in inspect_fs_unix.c



On Thu, Nov 24, 2011 at 12:03:43PM +0000, Richard W.M. Jones wrote:
> On Wed, Nov 23, 2011 at 02:00:55PM +0000, Matthew Booth wrote:
> >  static int
> > -inspect_with_augeas (guestfs_h *g, struct inspect_fs *fs, const char *filename,
> > +inspect_with_augeas (guestfs_h *g, struct inspect_fs *fs,
> > +                     const char **configfiles,
> >                       int (*f) (guestfs_h *, struct inspect_fs *))
> >  {
> > -  /* Security: Refuse to do this if filename is too large. */
> > -  int64_t size = guestfs_filesize (g, filename);
> > -  if (size == -1)
> > -    /* guestfs_filesize failed and has already set error in handle */
> > -    return -1;
> > -  if (size > MAX_AUGEAS_FILE_SIZE) {
> > -    error (g, _("size of %s is unreasonably large (%" PRIi64 " bytes)"),
> > -           filename, size);
> > -    return -1;
> > +  /* Security: Refuse to do this if a config file is too large. */
> > +  for (const char **i = configfiles; *i != NULL; i++) {
> > +    if (guestfs_exists(g, *i) == 0) continue;
> > +
> > +    int64_t size = guestfs_filesize (g, *i);
> > +    if (size == -1)
> > +      /* guestfs_filesize failed and has already set error in handle */
> > +      return -1;
> > +    if (size > MAX_AUGEAS_FILE_SIZE) {
> > +      error (g, _("size of %s is unreasonably large (%" PRIi64 " bytes)"),
> > +             *i, size);
> > +      return -1;
> > +    }
> >    }
> 
> This appears to remove the security check on 'filename' being too
> large.

Sorry, I misread it.  This looks correct.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]