[pve-devel] [PATCH common] df: untaint the result
Wolfgang Bumiller
w.bumiller at proxmox.com
Mon Jul 4 12:59:51 CEST 2016
---
src/PVE/Tools.pm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 039c9fb..68c4e68 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -851,9 +851,9 @@ sub df {
$pipe->reader();
my $readvalues = sub {
- $res->{total} = int(<$pipe>);
- $res->{used} = int(<$pipe>);
- $res->{avail} = int(<$pipe>);
+ $res->{total} = int((<$pipe> =~ /^(\d*)$/)[0]);
+ $res->{used} = int((<$pipe> =~ /^(\d*)$/)[0]);
+ $res->{avail} = int((<$pipe> =~ /^(\d*)$/)[0]);
};
eval {
run_with_timeout($timeout, $readvalues);
--
2.1.4
More information about the pve-devel
mailing list