[pve-devel] [PATCH storage 3/3] migrate: insecure: untaint the received ip/port

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Jun 6 10:04:03 CEST 2017


---
 PVE/Storage.pm | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index 5f6650d..f952c8a 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -672,9 +672,8 @@ sub storage_migrate {
 		if ($insecure) {
 		    my $pid = open(my $info, '-|', @$recv)
 			or die "receive command failed: $!\n";
-		    my $ip = <$info> // die "no tunnel IP received\n";
-		    my $port = <$info> // die "no tunnel port received\n";
-		    chomp($ip, $port);
+		    my ($ip) = <$info> =~ /^($PVE::Tools::IPRE)$/ or die "no tunnel IP received\n";
+		    my ($port) = <$info> =~ /^(\d+)$/ or die "no tunnel port received\n";
 		    my $socket = IO::Socket::IP->new(PeerHost => $ip, PeerPort => $port, Type => SOCK_STREAM)
 			or die "failed to connect to tunnel at $ip:$port\n";
 		    run_command([$send, @cstream], output => '>&'.fileno($socket));
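Review bot: The port capture on the added `my ($port)` line accepts a digit string of any length, and because the capture is what clears the taint flag, that pattern is the only validation the value gets before it reaches `IO::Socket::IP->new`. Consider bounding it with `/^(\d{1,5})$/` followed by `die "invalid tunnel port '$port'\n" if $port < 1 || $port > 65535;`. When the receive command exits without printing anything, `<$info>` returns undef and is matched directly against the regex, which raises an "uninitialized value" warning if warnings are enabled; a malformed line is also reported with the same "no tunnel ... received" text as a missing one, so the two failure modes cannot be told apart in logs. The hunk checks only the syntax of the address; whether it should also be compared with the expected migration target cannot be judged here, since storage_migrate starts and ends outside the hunk.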
-- 
2.11.0




