[pve-devel] applied: [PATCH guest-common] fix #6130: remote migration: untaint bandwidth limit from remote
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Feb 10 16:52:45 CET 2025
Am 10.02.25 um 14:56 schrieb Fiona Ebner:
> Remote migration via API will be invoked under Perl's '-T' switch to
> detect tainted input used in commands. For remote migration, the
> bandwidth limit from the remote side would be such tainted input. This
> would lead to failure for offline disk migration when the target
> node's bandwidth limit is stricter when invoking the 'pvesm export'
> command:
>
>> command 'set -o pipefail && pvesm export rbd:vm-400-disk-0 \
>> raw+size - -with-snapshots 0 | /usr/bin/cstream -t 307232768' \
>> failed: Insecure dependency in exec while running with -T switch
>
> Untaint the value to fix the issue. Note that the schema for the
> bandwidth limits in datacenter.cfg and storage.cfg allows fractional
> values.
>
> Avoid re-using the same variable for both, the reply from the remote
> (which is a hash) and the actual remote bandwidth limit. This also
> makes it possible to use the "assign regex match or die" pattern while
> accessing the original value in the error message.
>
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---
> src/PVE/AbstractMigrate.pm | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
>
applied, thanks!
More information about the pve-devel
mailing list