proxmox-mirrors/pve-common
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-common synced 2025-08-14 05:55:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

untaint df return values

Browse Source 
since we sometimes use their length in a format string for printf

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Dominik Csapak 2018-04-24 10:15:14 +02:00 committed by Thomas Lamprecht
parent 1e83e254ed
commit fd58bb2bff
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/PVE/Tools.pm
View File

@ -986,10 +986,14 @@ sub df {
my $res = eval { run_fork_with_timeout($timeout, $df) } // {}; my $res = eval { run_fork_with_timeout($timeout, $df) } // {};
warn $@ if $@; warn $@ if $@;
# untaint the values
my ($blocks, $used, $bavail) = map { defined($_) ? (/^(\d+)$/) : 0 }
$res->@{qw(blocks used bavail)};
return { return {
total => $res->{blocks} // 0, total => $blocks,
used => $res->{used} // 0, used => $used,
avail => $res->{bavail} // 0, avail => $bavail,
}; };
} }