From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 4 Jul 2016 10:59:51 +0000 (+0200)
Subject: df: untaint the result
X-Git-Url: https://git.proxmox.com/?p=pve-common.git;a=commitdiff_plain;h=28705ff6d12da9ca2bbcfd45702057f3e65bc8b0

df: untaint the result
---

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 039c9fb..68c4e68 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -851,9 +851,9 @@ sub df {
     $pipe->reader();
 
     my $readvalues = sub {
-	$res->{total} = int(<$pipe>);
-	$res->{used}  = int(<$pipe>);
-	$res->{avail} = int(<$pipe>);
+	$res->{total} = int((<$pipe> =~ /^(\d*)$/)[0]);
+	$res->{used}  = int((<$pipe> =~ /^(\d*)$/)[0]);
+	$res->{avail} = int((<$pipe> =~ /^(\d*)$/)[0]);
     };
     eval {
 	run_with_timeout($timeout, $readvalues);