From 62195d5ab1e0c6b7993841edb88f1330a7e729fc Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 14 Dec 2023 17:55:12 +0100 Subject: [statistics] Sanitize live values from client --- modules-available/statistics/api.inc.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules-available/statistics/api.inc.php b/modules-available/statistics/api.inc.php index f519380f..18a58a77 100644 --- a/modules-available/statistics/api.inc.php +++ b/modules-available/statistics/api.inc.php @@ -245,13 +245,17 @@ if ($type[0] === '~') { 'memfree', 'tmpfree', 'swapfree', 'id45free', 'cpuload', 'cputemp'] as $item) { $liveVal = Request::post($item, false, 'int'); - if ($liveVal !== false) { + if ($liveVal !== false && $liveVal >= 0) { $strUpdateBoottime .= ' live_' . $item . ' = :live_' . $item . ', '; if ($item === 'cpuload' || $item === 'cputemp') { $liveVal = round($liveVal); } else { $liveVal = ceil($liveVal / 1024); } + $max = ($item === 'cpuload') ? 100 : (2 ** 31); + if ($liveVal > $max) { + $liveVal = $max; + } $params['live_' . $item] = $liveVal; } } -- cgit v1.2.3-55-g7522
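Review bot: The clamp at `$max = ($item === 'cpuload') ? 100 : (2 ** 31);` caps the value one above the largest signed 32-bit integer (2147483647), so if the `live_*` columns are signed INT a client can still push an out-of-range value into the UPDATE (a hard error under strict SQL mode, silent truncation otherwise) and the sanitisation does not fully achieve its stated goal; the schema is not visible here, so confirm the column types and use `2 ** 31 - 1` for signed columns. Independently, `round()` and `ceil()` return float, so the bound parameter is a float even after the clamp; `$liveVal = (int) min($liveVal, $max);` would keep it an integer and replace the three-line `if`. The enclosing `foreach` and the surrounding `if ($type[0] === '~')` block begin before this hunk.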