[pve-devel] [PATCH common] run_command: untaint end of buffer
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Jun 22 17:15:08 CEST 2021
On 22.06.21 17:10, Stoiko Ivanov wrote:
> I had a patch for untainting the individual values in
> PVE::Storage::Plugin::volume_size_info but then went with this patch,
I'd rather have that patch, especially for back-porting to stable.
I mean, else we can probably just turn of the taint mode completely, what's the
point then.
> since I expect the issue of output not ending in newline or being longer
> than 4k to linger in a few places in our code.
>
> For the volume_size_info calls of our storage plugins - a quick check says
> only PBSPlugin.pm and Plugin.pm could cause this issue
can we patch it there then too?
More information about the pve-devel
mailing list