yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #1925: untaint rbd JSON output

Browse Source 
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
This commit is contained in:
Dietmar Maurer
2018-09-19 06:43:12 +02:00
committed by Thomas Lamprecht
parent 729c2594f9
commit 0057171085
1 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
PVE/Storage/RBDPlugin.pm
View File

@ -166,7 +166,14 @@ sub rbd_ls {
die $err if $err && $err !~ m/doesn't contain rbd images/ ; die $err if $err && $err !~ m/doesn't contain rbd images/ ;
my $result = $raw ne '' ? JSON::decode_json($raw) : []; my $result;
if ($raw eq '') {
$result = [];
} elsif ($raw =~ m/^(\[.*\])$/s) { # untaint
$result = JSON::decode_json($1);
} else {
die "got unexpected data from rbd ls: '$raw'\n";
}
my $list = {}; my $list = {};
@ -206,7 +213,14 @@ sub rbd_volume_info {
run_rbd_command($cmd, errmsg => "rbd error", errfunc => sub {}, outfunc => $parser); run_rbd_command($cmd, errmsg => "rbd error", errfunc => sub {}, outfunc => $parser);
my $volume = $raw ne '' ? JSON::decode_json($raw) : {}; my $volume;
if ($raw eq '') {
$volume = {};
} elsif ($raw =~ m/^(\{.*\})$/s) { # untaint
$volume = JSON::decode_json($1);
} else {
die "got unexpected data from rbd info: '$raw'\n";
}
$volume->{parent} = $get_parent_image_name->($volume->{parent}); $volume->{parent} = $get_parent_image_name->($volume->{parent});
$volume->{protected} = defined($volume->{protected}) && $volume->{protected} eq "true" ? 1 : undef; $volume->{protected} = defined($volume->{protected}) && $volume->{protected} eq "true" ? 1 : undef;
@ -325,7 +339,9 @@ my $find_free_diskname = sub {
my $parser = sub { my $parser = sub {
my $line = shift; my $line = shift;
push @$disk_list, $line; if ($line = m/^(.*)$/) { # untaint
push @$disk_list, $1;
}
}; };
eval { eval {