btrbk: bugfix: untaint raw backup file list read by "find" command

pull/88/head
Axel Burri 2016-04-03 21:38:19 +02:00
parent 023004e9cc
commit 899ca92026
1 changed files with 4 additions and 3 deletions

7
btrbk

@ -3394,12 +3394,13 @@ MAIN:
my @subvol_list; my @subvol_list;
my %child_uuid_list; my %child_uuid_list;
foreach my $file (split("\n", $ret)) foreach (split("\n", $ret))
{ {
unless($file =~ /^$file_match$/) { unless(/^($file_match)$/) {
DEBUG "Skipping non-parseable file: \"$file\""; DEBUG "Skipping non-parseable file: \"$_\"";
next; next;
} }
my $file = $1; # untaint argument
unless($file =~ s/^\Q$droot->{PATH}\E\///) { unless($file =~ s/^\Q$droot->{PATH}\E\///) {
ABORTED($droot, "Unexpected result from 'find': file \"$file\" is not under \"$droot->{PATH}\""); ABORTED($droot, "Unexpected result from 'find': file \"$file\" is not under \"$droot->{PATH}\"");
last; last;