df: untaint the result
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Mon, 4 Jul 2016 10:59:51 +0000 (12:59 +0200)
committerFabian Gr├╝nbichler <f.gruenbichler@proxmox.com>
Mon, 4 Jul 2016 12:13:41 +0000 (14:13 +0200)
src/PVE/Tools.pm

index 039c9fb..68c4e68 100644 (file)
@@ -851,9 +851,9 @@ sub df {
     $pipe->reader();
 
     my $readvalues = sub {
-       $res->{total} = int(<$pipe>);
-       $res->{used}  = int(<$pipe>);
-       $res->{avail} = int(<$pipe>);
+       $res->{total} = int((<$pipe> =~ /^(\d*)$/)[0]);
+       $res->{used}  = int((<$pipe> =~ /^(\d*)$/)[0]);
+       $res->{avail} = int((<$pipe> =~ /^(\d*)$/)[0]);
     };
     eval {
        run_with_timeout($timeout, $readvalues);