Signed-off-by: Dietmar Maurer <diet...@proxmox.com>
---
src/PVE/ACME.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
index e827aa9..38a14a5 100644
--- a/src/PVE/ACME.pm
+++ b/src/PVE/ACME.pm
@@ -152,7 +152,9 @@ sub load {
my ($self) = @_;
return if $self->{loaded};
$self->{loaded} = 1;
- my $data = fromjs(file_get_contents($self->{path}));
+ my $raw = file_get_contents($self->{path});
+ if ($raw =~ m/^(.*)$/s) { $raw = $1; } # untaint
+ my $data = fromjs($raw);
$self->{$_} = $data->{$_} for @SAVED_VALUES;
if (defined(my $keystr = $data->{key})) {
my $key = Crypt::OpenSSL::RSA->new_private_key($keystr);
--
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
