since we sometimes use their length in a format string for printf
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
 src/PVE/Tools.pm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index d5373a4..a366d47 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -986,10 +986,15 @@ sub df {
 my $res = eval { run_fork_with_timeout($timeout, $df) } // {};
 warn $@ if $@;
+ #untaint the values
+ my ($blocks) = $res->{blocks} =~ m/^(\d+)$/ if $res->{blocks};
+ my ($used) = $res->{used} =~ m/^(\d+)$/ if $res->{used};
+ my ($bavail) = $res->{bavail} =~ m/^(\d+)$/ if $res->{bavail};
+
 return {
- total => $res->{blocks} // 0,
- used => $res->{used} // 0,
- avail => $res->{bavail} // 0,
+ total => $blocks // 0,
+ used => $used // 0,
+ avail => $bavail // 0,
 };
 }
-- 
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
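Review bot: The three added untaint lines in df put a statement modifier on a `my` declaration (`my ($blocks) = ... if $res->{blocks};`), which perlsyn documents as undefined behaviour. When the condition is false, for example when `$res` falls back to `{}` after the eval, the lexical is not reliably reset, so if df is called repeatedly in one process it may return a value left over from an earlier call instead of 0. Declare unconditionally and let a failed match leave the variable undefined, e.g. `my ($blocks) = ($res->{blocks} // '') =~ m/^(\d+)$/;` and likewise for `$used` and `$bavail`, so the `// 0` fallbacks in the returned hash still apply. Anchoring with `\z` rather than `$` would also stop the check from accepting a value with a trailing newline. df's body starts outside the hunk.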