From e5caa02e059843bd2d3452a903bd391bb8ebbfff Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht
Date: Mon, 22 Jan 2018 10:52:11 +0100
Subject: [PATCH] avoid harmful '<>' pattern, explicitly read from STDIN

Fixes problems in CLIHandler using the code pattern:
while (my $line = <>) {
...
}

For why this causes only _now_ problems let's first look how <> behaves:

"The null filehandle <> is special: [...] Input from <> comes either from standard input, or from each file listed on the command line. Here's how it works: the first time <> is evaluated, the @ARGV array is checked, and if it is empty, $ARGV[0] is set to "-", which when opened gives you standard input. The @ARGV array is then processed as a list of filenames."
- 'perldoc perlop'

Recent changes in the CLIHandler code changed how we modified @ARGV. Earlier we assumed that the first argument must be the command and thus shifted it out of @ARGV, now we can have multiple levels of (sub)commands. This change also changed how we handle @ARGV, we do not unshift anything but go through the arguments until we got to the final command and copy the rest of @ARGV as we know that this must be the command's arguments.

For '<>' this means that ARGV was still fully populated and perl tried to open element as a file, which naturally failed. Thus the change in pve-common only exposed this 'dangerous' code pattern.

Signed-off-by: Thomas Lamprecht
--- PVE/API2/Qemu.pm | 2 +- PVE/CLI/qm.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index 0983ce69..b277a268 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -1849,7 +1849,7 @@ __PACKAGE__->register_method({ # read spice ticket from STDIN my $spice_ticket; if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) { - if (defined(my $line = <>)) { + if (defined(my $line = )) { chomp $line; $spice_ticket = $line; } diff --git a/PVE/CLI/qm.pm b/PVE/CLI/qm.pm index 564e4439..04beb48e 100755 
--- a/PVE/CLI/qm.pm +++ b/PVE/CLI/qm.pm @@ -286,7 +286,7 @@ __PACKAGE__->register_method ({ $tunnel_write->("tunnel online"); $tunnel_write->("ver 1"); - while (my $line = <>) { + while (my $line = ) { chomp $line; if ($line =~ /^quit$/) { $tunnel_write->("OK");
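
Review bot: In the PVE/API2/Qemu.pm hunk the added line reads `if (defined(my $line = )) {` as shown here, with no filehandle after the `=`, which does not compile; going by the subject line it has to be `<STDIN>`, so check that the applied patch carries it. Separately, `defined` is true for an empty line, so after `chomp $line` an empty string can end up in `$spice_ticket`; consider treating an empty ticket as absent or rejecting it at this point.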
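
Review bot: The tunnel loop in the PVE/CLI/qm.pm hunk gets no comment saying why it reads STDIN explicitly, unlike the Qemu.pm site with its `# read spice ticket from STDIN` comment; a one-line comment above the `while` line noting that `<>` would consume leftover @ARGV entries would keep the pattern from being reintroduced. The added line is also shown here as `while (my $line = ) {` with nothing after the `=`, so confirm it reads `<STDIN>`. Since the commit message describes this as a pattern exposed by the CLIHandler change, it is worth grepping the other CLIHandler-based commands for remaining `<>` reads.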
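
The `<>` behaviour the commit message quotes from perlop, as an added Perl example that is not part of the patch or the project's code: with arguments still in @ARGV, `<>` tries to open them as files and never reaches standard input, while `<STDIN>` reads the piped line. The argument values, the ticket string and the helper names are constructed for illustration, and the arguments are assumed not to exist as files in the current directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Point STDIN at an in-memory buffer so the demo needs no pipe, then run $code.
sub with_stdin {
    my ($data, $code) = @_;
    close(STDIN);
    open(STDIN, '<', \$data) or die "cannot reopen STDIN: $!";
    return $code->();
}

# Old pattern: <> treats every remaining @ARGV entry as a file name and only
# falls back to standard input when @ARGV is empty.
sub read_with_diamond {
    my @open_failures;
    local $SIG{__WARN__} = sub { push @open_failures, $_[0] };
    my $line = <>;
    chomp $line if defined $line;
    return ($line, scalar @open_failures);
}

# Patched pattern: always the next line of standard input.
sub read_with_stdin {
    my $line = <STDIN>;
    chomp $line if defined $line;
    return $line;
}

my $piped = "constructed-ticket\n";    # constructed sample input

# Hypothetical arguments left in @ARGV by a (sub)command parser that copies
# them out instead of shifting them off.
@ARGV = ('example-subcommand', '100', '--stateuri', 'tcp');
my ($old, $failures) = with_stdin($piped, \&read_with_diamond);
printf "<> with args left in \@ARGV: %s, %d failed opens\n",
    defined $old ? "'$old'" : 'undef', $failures;

# Same leftover arguments, explicit filehandle: the piped line is returned.
@ARGV = ('example-subcommand', '100', '--stateuri', 'tcp');
printf "<STDIN> with the same \@ARGV: '%s'\n",
    with_stdin($piped, \&read_with_stdin);
```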