Unverified Commit cb4dcba4 authored by Philip Taron's avatar Philip Taron
Browse files

nixos/ec2-metadata-fetcher: harden try_decompress 

- Declare `ftype` as local to avoid leaking into caller scope
- Skip decompression attempt on empty files
- Clean up temp file on decompression failure
parent 80a4ce9a

nixos/modules/virtualisation/ec2-metadata-fetcher.sh

+10 −3
Original line number Diff line number Diff line
@@ -62,14 +62,21 @@ get_imds() { 
}



try_decompress() {

  local temp

  local temp ftype

  if [ ! -s "$1" ]; then

    return

  fi

  ftype=$(file --brief "$1")

  case $ftype in

    gzip*)

      echo "decompressing: $1"

      temp=$(mktemp)

      zcat "$1" > "$temp"

      if zcat "$1" > "$temp"; then

        mv "$temp" "$1"

      else

        echo "failed to decompress: $1"

        rm -f "$temp"

      fi

  esac

}