From 488cf14d4f0a927d5bef4b5a12933cd8a7b8fd98 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 6 Jun 2017 10:04:03 +0200 Subject: [PATCH] migrate: insecure: untaint the received ip/port --- PVE/Storage.pm | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/PVE/Storage.pm b/PVE/Storage.pm index 2d6c43d..c34f2f5 100755 --- a/PVE/Storage.pm +++ b/PVE/Storage.pm @@ -671,9 +671,8 @@ sub storage_migrate { if ($insecure) { my $pid = open(my $info, '-|', @$recv) or die "receive command failed: $!\n"; - my $ip = <$info> // die "no tunnel IP received\n"; - my $port = <$info> // die "no tunnel port received\n"; - chomp($ip, $port); + my ($ip) = <$info> =~ /^($PVE::Tools::IPRE)$/ or die "no tunnel IP received\n"; + my ($port) = <$info> =~ /^(\d+)$/ or die "no tunnel port received\n"; my $socket = IO::Socket::IP->new(PeerHost => $ip, PeerPort => $port, Type => SOCK_STREAM) or die "failed to connect to tunnel at $ip:$port\n"; run_command([$send, @cstream], output => '>&'.fileno($socket));