[pve-devel] applied: [pve-common] print_text_table: untaint $width
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Jul 30 16:03:34 CEST 2018
On 07/27/2018 at 02:55 PM, Dietmar Maurer wrote:
> The value of $width depends on possibly untainted $data (for example
> task logs read from external files).
>
> Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
> ---
> src/PVE/CLIFormatter.pm | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/PVE/CLIFormatter.pm b/src/PVE/CLIFormatter.pm
> index ff0e264..d964b51 100644
> --- a/src/PVE/CLIFormatter.pm
> +++ b/src/PVE/CLIFormatter.pm
> @@ -209,6 +209,8 @@ sub print_text_table {
> $width = $len if $len > $width;
> }
>
> + $width = ($width =~ m/^(\d+)$/) ? int($1) : 0; # untaint int
> +
> $rowdata->{$prop} = {
> lines => $lines,
> width => $width,
>
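Review bot: on the added `$width = ($width =~ m/^(\d+)$/) ? int($1) : 0;` line, the fallback to 0 silently swallows any case where $width is not a plain run of digits, producing a zero-width column instead of an error. In the visible context $width is set from $len, so a failed match would point to a bug upstream and is better surfaced with a die or a warning than masked. Consider anchoring with `\z` instead of `$`, since `$` also matches before a trailing newline, and extending the `# untaint int` comment to say that the taint comes from $data (for example task logs read from external files), as the commit message explains.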
applied