[pve-devel] [PATCH storage v7 11/11] plugin: file_size_info: warn on parent images with unusual path
Dominik Csapak
d.csapak at proxmox.com
Mon Nov 18 16:29:14 CET 2024
If the base image (parent) of an image contains e.g. whitespace in it's
path, the current untainting would not match and it would seem there was
no parent.
Since untrusted files are not allowed to have backing parts, just warn,
when encountering this case to keep backwards compatibility.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
changes from v6:
* only warn if we find invalid characters but keep behaviour, for
backwards compat for existing setups
src/PVE/Storage/Plugin.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm
index 8f1c7c8..2407eba 100644
--- a/src/PVE/Storage/Plugin.pm
+++ b/src/PVE/Storage/Plugin.pm
@@ -1031,6 +1031,7 @@ sub file_size_info {
($format) = ($format =~ /^(\S+)$/); # untaint
die "format '$format' includes whitespace\n" if !defined($format);
if (defined($parent)) {
+ warn "strange parent name path '$parent' found\n" if $parent =~ m/[^\S]/;
($parent) = ($parent =~ /^(\S+)$/); # untaint
}
return wantarray ? ($size, $format, $used, $parent, $st->ctime) : $size;
--
2.39.5
More information about the pve-devel
mailing list