[pve-devel] [PATCH common] untaint df return values
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Apr 23 11:40:58 CEST 2018
On 4/20/18 11:42 AM, Dominik Csapak wrote:
> since we sometimes use their length in a format string for printf
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> src/PVE/Tools.pm | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
> index d5373a4..a366d47 100644
> --- a/src/PVE/Tools.pm
> +++ b/src/PVE/Tools.pm
> @@ -986,10 +986,15 @@ sub df {
> my $res = eval { run_fork_with_timeout($timeout, $df) } // {};
> warn $@ if $@;
>
> + #untaint the values
> + my ($blocks) = $res->{blocks} =~ m/^(\d+)$/ if $res->{blocks};
> + my ($used) = $res->{used} =~ m/^(\d+)$/ if $res->{used};
> + my ($bavail) = $res->{bavail} =~ m/^(\d+)$/ if $res->{bavail};
> +
> return {
> - total => $res->{blocks} // 0,
> - used => $res->{used} // 0,
> - avail => $res->{bavail} // 0,
> + total => $blocks // 0,
> + used => $used // 0,
> + avail => $bavail // 0,
> };
> }
>
>
Hmm, a bit much repetition... How about just doing:
----8<----
diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index d5373a4..68f8215 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -986,10 +986,13 @@ sub df {
my $res = eval { run_fork_with_timeout($timeout, $df) } // {};
warn $@ if $@;
+ my ($blocks, $used, $bavail) = map { (/^(\d+)$/) // 0 }
+ $res->@{qw(blocks used bavail)};
+
return {
- total => $res->{blocks} // 0,
- used => $res->{used} // 0,
- avail => $res->{bavail} // 0,
+ total => $blocks,
+ used => $used,
+ avail => $bavail,
};
}
More information about the pve-devel
mailing list