Without untainting, offline-deleting a volume-chain snapshot on a
directory storage via the GUI fails with an "Insecure dependecy in
exec [...]" error, because volume_snapshot_delete uses the filename
its qemu-img invocation.
Signed-off-by: Friedrich Weber <f.we...@proxmox.com>
---
Notes:
I'm not too familiar with the taint mode. Allowing anything that
starts with a slash seems a little lax, but I don't know if we can do
any meaningful validation here -- let me know if we can.
src/PVE/Storage/Plugin.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm
index a817186..2bd05bd 100644
--- a/src/PVE/Storage/Plugin.pm
+++ b/src/PVE/Storage/Plugin.pm
@@ -1789,6 +1789,7 @@ sub volume_snapshot_info {
my $snapshots = $json_decode;
for my $snap (@$snapshots) {
my $snapfile = $snap->{filename};
+ ($snapfile) = $snapfile =~ m|^(/.*)|; # untaint
my $snapname = $get_snapname_from_path->($volname, $snapfile);
#not a proxmox snapshot
next if !$snapname;
--
2.47.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
