[Libguestfs] [nbdkit PATCH 1/5] xz: Avoid reading beyond EOF
Eric Blake
eblake at redhat.com
Fri Oct 4 02:54:36 UTC 2019
Check that the file is long enough before reading the header, rather
than violating assumptions of the backend that all requests have
already passed bounds checks. Missed when converting from a plugin to
a filter.
Fixes: c879d310
Signed-off-by: Eric Blake <eblake at redhat.com>
---
filters/xz/xzfile.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/filters/xz/xzfile.c b/filters/xz/xzfile.c
index ee4af713..1ad010ef 100644
--- a/filters/xz/xzfile.c
+++ b/filters/xz/xzfile.c
@@ -117,6 +117,10 @@ check_header_magic (struct nbdkit_next_ops *next_ops, void *nxdata)
char buf[XZ_HEADER_MAGIC_LEN];
int err;
+ if (next_ops->get_size (nxdata) < XZ_HEADER_MAGIC_LEN) {
+ nbdkit_error ("xz: file too short");
+ return false;
+ }
if (next_ops->pread (nxdata, buf, XZ_HEADER_MAGIC_LEN, 0, 0, &err) == -1) {
nbdkit_error ("xz: could not read header magic: error %d", err);
return false;
--
2.21.0
More information about the Libguestfs
mailing list