From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id D4D401FF15F for ; Mon, 18 Nov 2024 16:31:34 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CFE5C13A11; Mon, 18 Nov 2024 16:30:05 +0100 (CET) From: Dominik Csapak To: pve-devel@lists.proxmox.com Date: Mon, 18 Nov 2024 16:29:14 +0100 Message-Id: <20241118152928.858590-12-d.csapak@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241118152928.858590-1-d.csapak@proxmox.com> References: <20241118152928.858590-1-d.csapak@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.016 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH storage v7 11/11] plugin: file_size_info: warn on parent images with unusual path X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" If the base image (parent) of an image contains e.g. whitespace in it's path, the current untainting would not match and it would seem there was no parent. Since untrusted files are not allowed to have backing parts, just warn, when encountering this case to keep backwards compatibility. Signed-off-by: Dominik Csapak --- changes from v6: * only warn if we find invalid characters but keep behaviour, for backwards compat for existing setups src/PVE/Storage/Plugin.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/src/PVE/Storage/Plugin.pm b/src/PVE/Storage/Plugin.pm index 8f1c7c8..2407eba 100644 --- a/src/PVE/Storage/Plugin.pm +++ b/src/PVE/Storage/Plugin.pm @@ -1031,6 +1031,7 @@ sub file_size_info { ($format) = ($format =~ /^(\S+)$/); # untaint die "format '$format' includes whitespace\n" if !defined($format); if (defined($parent)) { + warn "strange parent name path '$parent' found\n" if $parent =~ m/[^\S]/; ($parent) = ($parent =~ /^(\S+)$/); # untaint } return wantarray ? ($size, $format, $used, $parent, $st->ctime) : $size; -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel