From 12349ad05fd6090db48ebb28fe9301b5f3c220de Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Wed, 8 Jan 2020 10:32:12 +0100
Subject: [PATCH] REST Handler: check for value defindness when untainting

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/PVE/RESTHandler.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/PVE/RESTHandler.pm b/src/PVE/RESTHandler.pm
index 04b0773..5e8278e 100644
--- a/src/PVE/RESTHandler.pm
+++ b/src/PVE/RESTHandler.pm
@@ -438,7 +438,11 @@ sub handle {
 	# untaint data (already validated)
 	my $extra = delete $param->{'extra-args'};
 	while (my ($key, $val) = each %$param) {
-	    ($param->{$key}) = $val =~ /^(.*)$/s;
+	    if (defined($val)) {
+		($param->{$key}) = $val =~ /^(.*)$/s;
+	    } else {
+		$param->{$key} = undef;
+	    }
 	}
 	$param->{'extra-args'} = [map { /^(.*)$/ } @$extra] if $extra;
     }
-- 
2.39.2