ambiser
/
btrbk
mirror of https://github.com/digint/btrbk
9
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

btrbk: bugfix: untaint result of system_realpath()

pull/88/head
Axel Burri 2016-04-02 14:10:35 +02:00
parent 407d25f604
commit 86170e6b21
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
btrbk
View File

@ -1129,12 +1129,13 @@ sub system_realpath($)
);
return undef unless(defined($ret));
unless($ret =~ /^$file_match$/) {
unless($ret =~ /^($file_match)$/) {
ERROR "Failed to parse output of `realpath` for \"$vol->{PRINT}\": \"$ret\"";
return undef;
}
DEBUG "Real path for \"$vol->{PRINT}\" is: $ret";
return $ret;
my $realpath = $1; # untaint argument
DEBUG "Real path for \"$vol->{PRINT}\" is: $realpath";
return $realpath;
}