From 899ca92026406e45f5c690d130cc68c492bb268a Mon Sep 17 00:00:00 2001
From: Axel Burri
Date: Sun, 3 Apr 2016 21:38:19 +0200
Subject: [PATCH] btrbk: bugfix: untaint raw backup file list read by "find" command
---
 btrbk | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/btrbk b/btrbk
index dc7db43..bad9965 100755
--- a/btrbk
+++ b/btrbk
@@ -3394,12 +3394,13 @@ MAIN:
 my @subvol_list;
 my %child_uuid_list;
- foreach my $file (split("\n", $ret))
+ foreach (split("\n", $ret))
 {
- unless($file =~ /^$file_match$/) {
- DEBUG "Skipping non-parseable file: \"$file\"";
+ unless(/^($file_match)$/) {
+ DEBUG "Skipping non-parseable file: \"$_\"";
 next;
 }
+ my $file = $1; # untaint argument
 unless($file =~ s/^\Q$droot->{PATH}\E\///) {
 ABORTED($droot, "Unexpected result from 'find': file \"$file\" is not under \"$droot->{PATH}\"");
 last;
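Review bot: The untaint at `my $file = $1;` is only as strict as `$file_match`, which is defined outside this hunk. Assuming the script runs under taint mode, that pattern becomes the sole validation for every later use of `$file`, so it should be confirmed to allow only the expected raw-backup filename shape rather than matching broadly. The match is anchored with `^`/`$`, and `$` also accepts a position before a trailing newline; `split("\n", ...)` rules that out today, but `unless(/\A($file_match)\z/) {` would keep the check exact if the input source ever changes. The comment could state what was actually validated, for example `# untaint: whole line matched $file_match`. The `foreach` body continues past the end of the hunk, so later uses of `$file` are not visible here.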