>From ae8bb84ecd46d7b6ef557a87725923ac8d09dce0 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Fri, 31 May 2013 08:37:44 +0100 Subject: [PATCH] inspection: Don't segfault if /etc/SuSE-release is an empty file. Related to CVE-2013-2124. Thanks: Olaf Hering. --- src/inspect-fs-unix.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/inspect-fs-unix.c b/src/inspect-fs-unix.c index 5fabaa2..da5fbf3 100644 --- a/src/inspect-fs-unix.c +++ b/src/inspect-fs-unix.c @@ -338,10 +338,11 @@ parse_suse_release (guestfs_h *g, struct inspect_fs *fs, const char *filename) if (lines == NULL) return -1; + if (lines[0] != NULL) + goto out; + /* First line is dist release name */ fs->product_name = safe_strdup (g, lines[0]); - if (fs->product_name == NULL) - goto out; /* Match SLES first because openSuSE regex overlaps some SLES release strings */ if (match (g, fs->product_name, re_sles) || match (g, fs->product_name, re_nld)) { -- 1.8.2.1