[pve-devel] [PATCH cluster] avoid harmful '<>' pattern, explicitly read from STDIN
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Jan 22 10:52:12 CET 2018
Fixes problems in CLIHandler using the code pattern:
while (my $line = <>) {
...
}
For why this causes only _now_ problems lets first look how <>
behaves:
"The null filehandle <> is special: [...] Input from <> comes either
from standard input, or from each file listed on the command line.
Here's how it works: the first time <> is evaluated, the @ARGV array
is checked, and if it is empty, $ARGV[0] is set to "-" , which when
opened gives you standard input. The @ARGV array is then processed
as a list of filenames." - 'perldoc perlop'
Recent changes in the CLIHandler code changed how we modfiied @ARGV
Earlier we assumed that the first argument must be the command and
thus shifted it out of @ARGV, now we can have multiple levels of
(sub)commands. This change also changed how we handle @ARGV, we do
not unshift anything but go through the arguments until we got to
the final command and copy the rest of @ARGV as we know that this
must be the commandos arguments.
For '<>' this means that ARGV was still fully populated and perl
tried to open element as a file, which naturally failed.
Thus the change in pve-common only exposed this 'dangerous' code
pattern.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
data/PVE/CLI/pvecm.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 6d0d704..321c130 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -872,7 +872,7 @@ __PACKAGE__->register_method ({
print "tunnel online\n";
*STDOUT->flush();
- while (my $line = <>) {
+ while (my $line = <STDIN>) {
chomp $line;
last if $line =~ m/^quit$/;
}
--
2.14.2
More information about the pve-devel
mailing list