[pve-devel] [PATCH storage v6 12/12] plugin: file_size_info: don't ignore base path with whitespace
Dominik Csapak
d.csapak at proxmox.com
Mon Nov 18 08:42:16 CET 2024
On 11/17/24 16:16, Thomas Lamprecht wrote:
> Am 15.11.24 um 16:17 schrieb Dominik Csapak:
>> if the base image (parent) of an image contains whitespace in it's path
>> (e.g. a space), the current untainting would not match and it would seem
>> there was no parent.
>
> do we really want all spaces like newline too? Those sometimes can cause odd
> things when printing to CLI or the like, so maybe just add space explicitly?
>
> Like with: /^([ \S]+)$/
>
mhmm i agree that there might be some characters that can make problem.
in that case I'd rather just 'die' if we encounter a base image with problematic characters,
instead of treating it as having no parent?
I can't exactly remember the context of this patch, but we now disallow
base images for imported volumes altogether, so not sure if it is still necessary
to allow such paths for parents
(file based storages can't have a space in the path, and neither can have volume ids
created with our api)
>>
>> Fix that by adapting the untaint regex
>>
>> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
>> ---
>> src/PVE/Storage/Plugin.pm | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm
>> index eed764d..761783f 100644
>> --- a/src/PVE/Storage/Plugin.pm
>> +++ b/src/PVE/Storage/Plugin.pm
>> @@ -1031,7 +1031,7 @@ sub file_size_info {
>> ($format) = ($format =~ /^(\S+)$/); # untaint
>> die "format '$format' includes whitespace\n" if !defined($format);
>> if (defined($parent)) {
>> - ($parent) = ($parent =~ /^(\S+)$/); # untaint
>> + ($parent) = ($parent =~ /^(.*)$/); # untaint
>> }
>> return wantarray ? ($size, $format, $used, $parent, $st->ctime) : $size;
>> }
>
More information about the pve-devel
mailing list