From: Lennart Poettering Date: Mon, 4 Dec 2023 17:20:36 +0000 (+0100) Subject: dissect-image: don't try to validate an extension release file with no image name X-Git-Tag: v256-rc1~1503^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a8e8bcfb7dbe53158c30b236e66814b32a6b748b;p=thirdparty%2Fsystemd.git dissect-image: don't try to validate an extension release file with no image name Otherwise we might validate the OS release file instead… --- diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 7142429642f..65f5e786b56 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -2179,7 +2179,7 @@ int dissected_image_mount( if (r > 0) ok = true; } - if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT)) { + if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT) && m->image_name) { r = extension_has_forbidden_content(where); if (r < 0) return r; @@ -3439,6 +3439,9 @@ int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_ switch (k) { case META_SYSEXT_RELEASE: + if (!m->image_name) + goto next; + /* As per the os-release spec, if the image is an extension it will have a * file named after the image name in extension-release.d/ - we use the image * name and try to resolve it with the extension-release helpers, as @@ -3459,6 +3462,9 @@ int dissected_image_acquire_metadata(DissectedImage *m, DissectImageFlags extra_ break; case META_CONFEXT_RELEASE: + if (!m->image_name) + goto next; + /* As above */ r = open_extension_release( t,