mirror of https://github.com/xemu-project/xemu.git
ui: Check numeric part of expire_password argument @time properly
When argument @time isn't 'now' or 'never', we parse it as an integer, optionally prefixed with '+'. If parsing fails, we silently assume zero. Report an error and fail instead. While there, use qemu_strtou64() instead of strtoull() so checkpatch.pl won't complain. Aside: encoding numbers in strings is bad QMP practice. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20230109190321.1056914-2-armbru@redhat.com>
This commit is contained in:
Markus Armbruster
parent
7ec8aeb604
commit
49e56287cc
|
|
@ -201,15 +201,28 @@ void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)
|
||||||
time_t when;
|
time_t when;
|
||||||
int rc;
|
int rc;
|
||||||
const char *whenstr = opts->time;
|
const char *whenstr = opts->time;
|
||||||
|
const char *numstr = NULL;
|
||||||
|
uint64_t num;
|
||||||
|
|
||||||
if (strcmp(whenstr, "now") == 0) {
|
if (strcmp(whenstr, "now") == 0) {
|
||||||
when = 0;
|
when = 0;
|
||||||
} else if (strcmp(whenstr, "never") == 0) {
|
} else if (strcmp(whenstr, "never") == 0) {
|
||||||
when = TIME_MAX;
|
when = TIME_MAX;
|
||||||
} else if (whenstr[0] == '+') {
|
} else if (whenstr[0] == '+') {
|
||||||
when = time(NULL) + strtoull(whenstr+1, NULL, 10);
|
when = time(NULL);
|
||||||
|
numstr = whenstr + 1;
|
||||||
} else {
|
} else {
|
||||||
when = strtoull(whenstr, NULL, 10);
|
when = 0;
|
||||||
|
numstr = whenstr;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (numstr) {
|
||||||
|
if (qemu_strtou64(numstr, NULL, 10, &num) < 0) {
|
||||||
|
error_setg(errp, "Parameter 'time' doesn't take value '%s'",
|
||||||
|
whenstr);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
when += num;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
|
if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue