From ed134d81f1b66fed63aa49b3599dd5b8388ff4b4 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Fri, 4 Nov 2016 11:25:08 -0700 Subject: [PATCH] Limit how much of the file we read to test if it's an encrypted vault file Fixes memory errors reported in #16391 --- lib/ansible/parsing/dataloader.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/ansible/parsing/dataloader.py b/lib/ansible/parsing/dataloader.py index a240e4cf4b3..a3ddd6e8fbf 100644 --- a/lib/ansible/parsing/dataloader.py +++ b/lib/ansible/parsing/dataloader.py @@ -31,7 +31,7 @@ from ansible.errors import AnsibleFileNotFound, AnsibleParserError, AnsibleError from ansible.errors.yaml_strings import YAML_SYNTAX_ERROR from ansible.module_utils.basic import is_executable from ansible.module_utils._text import to_bytes, to_native, to_text -from ansible.parsing.vault import VaultLib, is_encrypted, is_encrypted_file +from ansible.parsing.vault import VaultLib, b_HEADER, is_encrypted, is_encrypted_file from ansible.parsing.quoting import unquote from ansible.parsing.yaml.loader import AnsibleLoader from ansible.parsing.yaml.objects import AnsibleBaseYAMLObject, AnsibleUnicode @@ -399,7 +399,10 @@ class DataLoader(): try: with open(to_bytes(real_path), 'rb') as f: - if is_encrypted_file(f): + # Limit how much of the file is read since we do not know + # whether this is a vault file and therefore it could be very + # large. + if is_encrypted_file(f, count=len(b_HEADER)): # if the file is encrypted and no password was specified, # the decrypt call would throw an error, but we check first # since the decrypt function doesn't know the file name