Fix #1925: untaint rbd JSON output

Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>

diff --git a/PVE/Storage/RBDPlugin.pm b/PVE/Storage/RBDPlugin.pm
index ee373d68f96316490fa7ee5880578ce531483941..0acfb2d468ffc6a64635ac594a56aa97a654d43f 100644 (file)
--- a/PVE/Storage/RBDPlugin.pm
+++ b/PVE/Storage/RBDPlugin.pm
@@ -166,7 +166,14 @@ sub rbd_ls {
 
     die $err if $err && $err !~ m/doesn't contain rbd images/ ;
 
-    my $result = $raw ne '' ? JSON::decode_json($raw) : [];
+    my $result;
+    if ($raw eq '') {
+       $result = [];
+    } elsif ($raw =~ m/^(\[.*\])$/s) { # untaint
+       $result = JSON::decode_json($1);
+    } else {
+       die "got unexpected data from rbd ls: '$raw'\n";
+    }
 
     my $list = {};
 
@@ -206,7 +213,14 @@ sub rbd_volume_info {
 
     run_rbd_command($cmd, errmsg => "rbd error", errfunc => sub {}, outfunc => $parser);
 
-    my $volume = $raw ne '' ? JSON::decode_json($raw) : {};
+    my $volume;
+    if ($raw eq '') {
+       $volume = {};
+    } elsif ($raw =~ m/^(\{.*\})$/s) { # untaint
+       $volume = JSON::decode_json($1);
+    } else {
+       die "got unexpected data from rbd info: '$raw'\n";
+    }
 
     $volume->{parent} = $get_parent_image_name->($volume->{parent});
     $volume->{protected} = defined($volume->{protected}) && $volume->{protected} eq "true" ? 1 : undef;
@@ -325,7 +339,9 @@ my $find_free_diskname = sub {
 
     my $parser = sub {
        my $line = shift;
-       push @$disk_list, $line;
+       if ($line = m/^(.*)$/) { # untaint
+           push @$disk_list, $1;
+       }
     };
 
     eval {