From d4e00f2bd5b237d5e8d2348ee77c4419e77a571b Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht
Date: Wed, 23 Jun 2021 08:24:58 +0200
Subject: [PATCH] file/volume size info: add actual errors to untaint messages
Signed-off-by: Thomas Lamprecht
---
 PVE/Storage/PBSPlugin.pm | 2 +-
 PVE/Storage/Plugin.pm | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/PVE/Storage/PBSPlugin.pm b/PVE/Storage/PBSPlugin.pm
index 19629ee..bb1c382 100644
--- a/PVE/Storage/PBSPlugin.pm
+++ b/PVE/Storage/PBSPlugin.pm
@@ -811,7 +811,7 @@ sub volume_size_info {
 my $size = 0;
 foreach my $info (@$data) {
- if ($info->{size} && $info->{size} =~ /^(\d+)$/) {
+ if ($info->{size} && $info->{size} =~ /^(\d+)$/) { # untaints
 $size += $1;
 }
 }
diff --git a/PVE/Storage/Plugin.pm b/PVE/Storage/Plugin.pm
index b1165f7..44697ec 100644
--- a/PVE/Storage/Plugin.pm
+++ b/PVE/Storage/Plugin.pm
@@ -837,11 +837,11 @@ sub file_size_info {
 my ($size, $format, $used, $parent) = $info->@{qw(virtual-size format actual-size backing-filename)};
- ($size) = ($size =~ /^(\d+)$/); #untaint
- ($used) = ($used =~ /^(\d+)$/); #untaint
- ($format) = ($format =~ /^([-\w]+)$/); #untaint
+ ($size) = ($size =~ /^(\d+)$/) or die "size '$size' not an integer\n"; # untaint
+ ($used) = ($used =~ /^(\d+)$/) or die "used '$used' not an integer\n"; # untaint
+ ($format) = ($format =~ /^(\S+)$/) or die "format '$format' includes whitespace\n"; # untaint
 if (defined($parent)) {
- ($parent) = ($parent =~ /^(.*)$/); #untaint
+ ($parent) = ($parent =~ /^(\S+)$/) or die "parent '$parent' includes whitespace\n"; # untaint
 }
 return wantarray ? ($size, $format, $used, $parent, $st->ctime) : $size;
 }
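Review bot: In the Plugin.pm hunk (file_size_info), the new `die` messages cannot show the offending value, because the list assignment `($size) = (...)` has already overwritten `$size` with undef by the time `or die` is evaluated; the message comes out as `size '' not an integer` together with an uninitialized-value warning, and the same holds for `$used`, `$format` and `$parent`. Testing first and assigning afterwards keeps the value for the message: `$size =~ /^(\d+)$/ or die "size '$size' not an integer\n";` followed by `$size = $1; # untaint`. Separately, the `$format` pattern is widened from `[-\w]+` to `\S+`, so the untainted value may now contain `/`, quotes or other metacharacters; since untainting is the point where the value becomes trusted, keeping the allow-list `[-\w]+` looks safer unless a known format name needs more (callers are outside this hunk). The `\S+` check on `$parent` also turns an empty backing-filename or one that contains a space into a fatal error where it was accepted before, which is worth a line in the commit message. The body of file_size_info starts before this hunk.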