projects / debian / amanda / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Imported Upstream version 2.5.0
[debian/amanda] / server-src / amoverview.pl.in
diff --git a/server-src/amoverview.pl.in b/server-src/amoverview.pl.in
index 25f1e07c888d89da0a77957c88c59d12114daf5e..300f7ddd1c2e1ad3790ad890a0f0c7af51b088ff 100644 (file)
--- a/server-src/amoverview.pl.in
+++ b/server-src/amoverview.pl.in
@@ -78,6 +78,15 @@ elsif($#ARGV > 0) {
   Usage();
 }
 
+#untaint user input $ARGV[0]
+
+if ($opt_config =~ /^([\w.-]+)$/) {          # $1 is untainted
+   $opt_config = $1;
+} else {
+    die "filename '$opt_config' has invalid characters.\n";
+}
+
+
 -d "$confdir/$opt_config" or
        die "$0: directory `$confdir/$opt_config' does not exist.\n";
 
@@ -115,7 +124,7 @@ while (<$fh>) {
     next if /found Amanda directory/;
     next if /skipping cruft directory/;
     next if /skip-incr/;
-    ($date, $host, $disk, $level, $tape, $file, $status) = split ' ', $_;
+    ($date, $host, $disk, $level, $tape, $file, $part, $status) = split ' ', $_;
     next if $date eq 'date';
     next if $date eq 'Warning:';
     next if $date eq 'Scanning';
Debian packaging of amanda