From a8e8bcfb7dbe53158c30b236e66814b32a6b748b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 4 Dec 2023 18:20:36 +0100 Subject: [PATCH] dissect-image: don't try to validate an extension release file with no image name MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Otherwise we might validate the OS release file instead… --- src/shared/dissect-image.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 7142429642f..65f5e786b56 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -2179,7 +2179,7 @@ int dissected_image_mount( if (r > 0) ok = true; } - if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT)) { + if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT) && m->image_name) { r = extension_has_forbidden_content(where); if (r < 0) return r; @@ -3439,6 +3439,9 @@ int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_ switch (k) { case META_SYSEXT_RELEASE: + if (!m->image_name) + goto next; + /* As per the os-release spec, if the image is an extension it will have a * file named after the image name in extension-release.d/ - we use the image * name and try to resolve it with the extension-release helpers, as @@ -3459,6 +3462,9 @@ int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_ break; case META_CONFEXT_RELEASE: + if (!m->image_name) + goto next; + /* As above */ r = open_extension_release( t, -- 2.47.3