[pve-devel] [PATCH pve-storage] Fix #1925: untaint rbd JSON output

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Sep 19 08:21:55 CEST 2018


On 9/19/18 6:43 AM, Dietmar Maurer wrote:
> Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
> ---
>  PVE/Storage/RBDPlugin.pm | 22 +++++++++++++++++++---
>  1 file changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/PVE/Storage/RBDPlugin.pm b/PVE/Storage/RBDPlugin.pm
> index ee373d6..0acfb2d 100644
> --- a/PVE/Storage/RBDPlugin.pm
> +++ b/PVE/Storage/RBDPlugin.pm
> @@ -166,7 +166,14 @@ sub rbd_ls {
>  
>      die $err if $err && $err !~ m/doesn't contain rbd images/ ;
>  
> -    my $result = $raw ne '' ? JSON::decode_json($raw) : [];
> +    my $result;
> +    if ($raw eq '') {
> +	$result = [];
> +    } elsif ($raw =~ m/^(\[.*\])$/s) { # untaint
> +	$result = JSON::decode_json($1);
> +    } else {
> +	die "got unexpected data from rbd ls: '$raw'\n";
> +    }
>  
>      my $list = {};
>  
> @@ -206,7 +213,14 @@ sub rbd_volume_info {
>  
>      run_rbd_command($cmd, errmsg => "rbd error", errfunc => sub {}, outfunc => $parser);
>  
> -    my $volume = $raw ne '' ? JSON::decode_json($raw) : {};
> +    my $volume;
> +    if ($raw eq '') {
> +	$volume = {};
> +    } elsif ($raw =~ m/^(\{.*\})$/s) { # untaint
> +	$volume = JSON::decode_json($1);
> +    } else {
> +	die "got unexpected data from rbd info: '$raw'\n";
> +    }
>  
>      $volume->{parent} = $get_parent_image_name->($volume->{parent});
>      $volume->{protected} = defined($volume->{protected}) && $volume->{protected} eq "true" ? 1 : undef;
> @@ -325,7 +339,9 @@ my $find_free_diskname = sub {
>  
>      my $parser = sub {
>  	my $line = shift;
> -	push @$disk_list, $line;
> +	if ($line = m/^(.*)$/) { # untaint
> +	    push @$disk_list, $1;
> +	}
>      };
>  
>      eval {
> 

Reviewed-by: Thomas Lamprecht <t.lamprecht at proxmox.com>

If there are no objections I'd apply and push this out.




More information about the pve-devel mailing list