fix #6130: remote migration: untaint bandwidth limit from remote

Remote migration via API will be invoked under Perl's '-T' switch to
detect tainted input used in commands. For remote migration, the
bandwidth limit from the remote side would be such tainted input. This
would lead to failure for offline disk migration when the target
node's bandwidth limit is stricter when invoking the 'pvesm export'
command:

> command 'set -o pipefail && pvesm export rbd:vm-400-disk-0 \
> raw+size - -with-snapshots 0 | /usr/bin/cstream -t 307232768' \
> failed: Insecure dependency in exec while running with -T switch

Untaint the value to fix the issue. Note that the schema for the
bandwidth limits in datacenter.cfg and storage.cfg allows fractional
values.

Avoid re-using the same variable for both, the reply from the remote
(which is a hash) and the actual remote bandwidth limit. This also
makes it possible to use the "assign regex match or die" pattern while
accessing the original value in the error message.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>

src/PVE/AbstractMigrate.pm

@@ -350,9 +350,14 @@ sub get_bwlimit {
 	    storages => [$target],
 	    bwlimit => $self->{opts}->{bwlimit},
 	};
-	my $remote_bwlimit = PVE::Tunnel::write_tunnel($self->{tunnel}, 10, 'bwlimit', $bwlimit_opts);
+
-	if ($remote_bwlimit && $remote_bwlimit->{bwlimit}) {
+	my $bwlimit_reply = PVE::Tunnel::write_tunnel(
-	    $remote_bwlimit = $remote_bwlimit->{bwlimit};
+	    $self->{tunnel}, 10, 'bwlimit', $bwlimit_opts);
+
+	if ($bwlimit_reply && $bwlimit_reply->{bwlimit}) {
+	    # untaint
+	    my ($remote_bwlimit) = ($bwlimit_reply->{bwlimit} =~ m/^(\d+(.\d+)?)$/)
+		or die "invalid remote bandwidth limit: '$bwlimit_reply->{bwlimit}'\n";
 
 	    $bwlimit = $remote_bwlimit
 		if (!$bwlimit || $bwlimit > $remote_bwlimit);