projects
/
debian
/
amanda
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Imported Upstream version 2.5.0
[debian/amanda]
/
server-src
/
amoverview.pl.in
diff --git
a/server-src/amoverview.pl.in
b/server-src/amoverview.pl.in
index 25f1e07c888d89da0a77957c88c59d12114daf5e..300f7ddd1c2e1ad3790ad890a0f0c7af51b088ff 100644
(file)
--- a/
server-src/amoverview.pl.in
+++ b/
server-src/amoverview.pl.in
@@
-78,6
+78,15
@@
elsif($#ARGV > 0) {
Usage();
}
Usage();
}
+#untaint user input $ARGV[0]
+
+if ($opt_config =~ /^([\w.-]+)$/) { # $1 is untainted
+ $opt_config = $1;
+} else {
+ die "filename '$opt_config' has invalid characters.\n";
+}
+
+
-d "$confdir/$opt_config" or
die "$0: directory `$confdir/$opt_config' does not exist.\n";
-d "$confdir/$opt_config" or
die "$0: directory `$confdir/$opt_config' does not exist.\n";
@@
-115,7
+124,7
@@
while (<$fh>) {
next if /found Amanda directory/;
next if /skipping cruft directory/;
next if /skip-incr/;
next if /found Amanda directory/;
next if /skipping cruft directory/;
next if /skip-incr/;
- ($date, $host, $disk, $level, $tape, $file, $status) = split ' ', $_;
+ ($date, $host, $disk, $level, $tape, $file, $
part, $
status) = split ' ', $_;
next if $date eq 'date';
next if $date eq 'Warning:';
next if $date eq 'Scanning';
next if $date eq 'date';
next if $date eq 'Warning:';
next if $date eq 'Scanning';