X-Git-Url: https://git.gag.com/?a=blobdiff_plain;ds=sidebyside;f=server-src%2Famoverview.pl.in;h=300f7ddd1c2e1ad3790ad890a0f0c7af51b088ff;hb=1194fb66aa28d9929c3f2bef3cc6c1c3f40a60a4;hp=25f1e07c888d89da0a77957c88c59d12114daf5e;hpb=2df780bff19c457b0debb7adc29972a0bc2a5dc2;p=debian%2Famanda

diff --git a/server-src/amoverview.pl.in b/server-src/amoverview.pl.in
index 25f1e07..300f7dd 100644
--- a/server-src/amoverview.pl.in
+++ b/server-src/amoverview.pl.in
@@ -78,6 +78,15 @@ elsif($#ARGV > 0) {
   Usage();
 }
 
+#untaint user input $ARGV[0]
+
+if ($opt_config =~ /^([\w.-]+)$/) {          # $1 is untainted
+   $opt_config = $1;
+} else {
+    die "filename '$opt_config' has invalid characters.\n";
+}
+
+
 -d "$confdir/$opt_config" or
 	die "$0: directory `$confdir/$opt_config' does not exist.\n";
 
@@ -115,7 +124,7 @@ while (<$fh>) {
     next if /found Amanda directory/;
     next if /skipping cruft directory/;
     next if /skip-incr/;
-    ($date, $host, $disk, $level, $tape, $file, $status) = split ' ', $_;
+    ($date, $host, $disk, $level, $tape, $file, $part, $status) = split ' ', $_;
     next if $date eq 'date';
     next if $date eq 'Warning:';
     next if $date eq 'Scanning';