From 24ab59e0af673d6804d252fbf81ca65ad7d1d1e8 Mon Sep 17 00:00:00 2001
From: Stefan Hanreich <s.hanreich@proxmox.com>
Date: Tue, 28 Nov 2023 09:58:57 +0100
Subject: [PATCH] dhcp: dnsmasq: untaint when deleting configuration files

The current invocation is quite unsafe and triggers the taint mode of
Perl that is enabled for our API daemons, but not pvesh used on
cluster-wide apply.
Replacing it with dir_glob_foreach solves those issues.

Reported-By: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
index e65e973..2844943 100644
--- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
@@ -234,7 +234,13 @@ CFG
 	$default_dnsmasq_config
     );
 
-    unlink glob "$config_directory/10-*.conf";
+    my @config_files = ();
+    PVE::Tools::dir_glob_foreach($config_directory, '10-.*\.conf', sub {
+	my ($file) = @_;
+	push @config_files, "$config_directory/$file";
+    });
+
+    unlink @config_files;
 }
 
 sub after_configure {
-- 
2.39.5