The performance improvements added in cb9db10c1a9855cf40ff13e81f9dd97d6a9b2698 changed the output handling to not remove the taintedness (see perlsec (1)) of the complete output anymore.
This results in a few bugs which show up every now and then, and are usually quite tedious to hunt down - usually they only occur when run via GUI (since pveproxy/pvedaemon run in taint-mode, whereas our CLI utilities usually do not) - see for example pve-storage commit 609f117ff24d2cff6b155e1d4b1175ceebe5bd7b or more recently the report in our community-forum: https://forum.proxmox.com/threads/cannot-clone-vm-or-move-disk-with-more-than-13-snapshots.89628/ (the magic number of 13 snapshots is the point where the output of `qemu-img info --output=json` grows to more than 4k) Given the doubtful security benefit of having to untaint output, only if it does not end in new-line or if it is longer than 4k (we read the output in 4k chunks) simply untaint the output unconditionally. Tested with the reproducer from the forum-thread Signed-off-by: Stoiko Ivanov <[email protected]> --- Huge thanks to Dominik who pointed me in the right direction, after I spend far more time than I'm proud to admit in the JSON::XS source, perlsec(1), perlguts(1) and the surprisingly unhelpful output of debugperl -Du src/PVE/Tools.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm index 8946e93..eb140ae 100644 --- a/src/PVE/Tools.pm +++ b/src/PVE/Tools.pm @@ -516,7 +516,7 @@ sub run_command { &$outfunc($line) if $outfunc; &$logfunc($line) if $logfunc; } - $outlog .= $buf; + ($outlog) .= ($buf =~ /(.*)/); #untaint }; my $err = $@; if ($err) { @@ -537,7 +537,7 @@ sub run_command { &$errfunc($line) if $errfunc; &$logfunc($line) if $logfunc; } - $errlog .= $buf; + ($errlog) .= ($buf =~ /(.*)/); #untaint }; my $err = $@; if ($err) { -- 2.20.1 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
