[pve-devel] r4875 - pve-storage/pve2

Mon Jul 5 13:56:23 CEST 2010

Author: dietmar
Date: 2010-07-05 11:56:23 +0000 (Mon, 05 Jul 2010)
New Revision: 4875

Modified:
   pve-storage/pve2/Storage.pm
Log:
correctly untaint path


Modified: pve-storage/pve2/Storage.pm
===================================================================

--- pve-storage/pve2/Storage.pm	2010-07-05 09:39:26 UTC (rev 4874)
+++ pve-storage/pve2/Storage.pm	2010-07-05 11:56:23 UTC (rev 4875)
@@ -1971,10 +1971,11 @@
 
 	    foreach my $fn (<$path/images/[0-9][0-9]*/*>) {
 
-		next if $fn !~ m!/images/(\d+)/([^/]+\.($fmts))$!;
+		next if $fn !~ m!^(/.+/images/(\d+)/([^/]+\.($fmts)))$!;
+		$fn = $1; # untaint
 
-		my $owner = $1;
-		my $name = $2;
+		my $owner = $2;
+		my $name = $3;
 		my $volname = "$owner/$name";
 
 		if ($vollist) {


