From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 27 Jul 2018 12:55:17 +0000 (+0200)
Subject: print_text_table: untaint $width
X-Git-Url: https://git.proxmox.com/?p=pve-common.git;a=commitdiff_plain;h=b9474c9682f16179360e9e7c00644a871cfe3ae5

print_text_table: untaint $width

The value of $width depends on possible untainted $data (for example
task logs read from external files).

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
---

diff --git a/src/PVE/CLIFormatter.pm b/src/PVE/CLIFormatter.pm
index f6ad459..119bc06 100644
--- a/src/PVE/CLIFormatter.pm
+++ b/src/PVE/CLIFormatter.pm
@@ -209,6 +209,8 @@ sub print_text_table {
 		$width = $len if $len > $width;
 	    }
 
+	    $width = ($width =~ m/^(\d+)$/) ? int($1) : 0; # untaint int
+
 	    $rowdata->{$prop} = {
 		lines => $lines,
 		width => $width,