If the base image (parent) of an image contains e.g. whitespace in it's
path, the current untainting would not match and it would seem there was
no parent.
Since untrusted files are not allowed to have backing parts, just warn,
when encountering this case to keep backwards compatibility.
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
changes from v6:
* only warn if we find invalid characters but keep behaviour, for
backwards compat for existing setups
src/PVE/Storage/Plugin.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm
index 8f1c7c8..2407eba 100644
--- a/src/PVE/Storage/Plugin.pm
+++ b/src/PVE/Storage/Plugin.pm
@@ -1031,6 +1031,7 @@ sub file_size_info {
($format) = ($format =~ /^(\S+)$/); # untaint
die "format '$format' includes whitespace\n" if !defined($format);
if (defined($parent)) {
+ warn "strange parent name path '$parent' found\n" if $parent =~
m/[^\S]/;
($parent) = ($parent =~ /^(\S+)$/); # untaint
}
return wantarray ? ($size, $format, $used, $parent, $st->ctime) : $size;
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
