From: Dietmar Maurer <dietmar@proxmox.com>
Date: Sun, 20 Sep 2015 08:34:04 +0000 (+0200)
Subject: SectionConfig: protect against newline injection
X-Git-Url: https://git.proxmox.com/?p=pve-common.git;a=commitdiff_plain;h=0cb4d663f54896ba78a8374a9f201d461d0f2449

SectionConfig: protect against newline injection
---

diff --git a/src/PVE/SectionConfig.pm b/src/PVE/SectionConfig.pm
index 71d296e..95e166a 100644
--- a/src/PVE/SectionConfig.pm
+++ b/src/PVE/SectionConfig.pm
@@ -393,6 +393,9 @@ my $format_config_line = sub {
 
     my $ct = $schema->{type};
 
+    die "property '$key' contains a line feed\n"
+	if ($key =~ m/[\n\r]/) || ($value =~ m/[\n\r]/);
+
     if ($ct eq 'boolean') {
 	return $value ? "\t$key\n" : '';
     } else {