Vered Volansky has posted comments on this change.

Change subject: core: TimeoutBase: Prevent updating mutable Date
......................................................................


Patch Set 2: Looks good to me, but someone else must approve

(2 inline comments)

....................................................
Commit Message
Line 6: 
Line 7: core: TimeoutBase: Prevent updating mutable Date
Line 8: 
Line 9: TimeoutBase contains a java.util.Date member, mEndTime. The value of
Line 10: this member can be passed in (by setEndTime(Date)) and out (by
/in/into, /out/out of, and remove the 'of' after the parentheses.

Line 11: getEndTime()) of the class. Since java.util.Date is a mutable class, the
Line 12: end time of the TimeoutBase may be manipulated, maliciously or
Line 13: mistakenly, by someone holding a reference to that object.
Line 14: 


Line 13: mistakenly, by someone holding a reference to that object.
Line 14: 
Line 15: This patch removes this vulnerability by replacing this member by a
Line 16: simple primitive long, representing the unix time
Line 17: (System.currTimeMillisi()), since the Date semantics (e.g., DST) aren't
/aren't/isn't

Line 18: used anyway.
Line 19: 
Line 20: Change-Id: Icd77e518369fa25bfe684d249d12e0f8e2bb1a0f


-- 
To view, visit http://gerrit.ovirt.org/11897

Gerrit-MessageType: comment
Gerrit-Change-Id: Icd77e518369fa25bfe684d249d12e0f8e2bb1a0f
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Alissa Bonas <[email protected]>
Gerrit-Reviewer: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Daniel Erez <[email protected]>
Gerrit-Reviewer: Liron Aravot <[email protected]>
Gerrit-Reviewer: Maor Lipchuk <[email protected]>
Gerrit-Reviewer: Michael Kublin <[email protected]>
Gerrit-Reviewer: Tal Nisan <[email protected]>
Gerrit-Reviewer: Vered Volansky <[email protected]>
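
The aliasing problem described in the commit message, shown as an added example that is not part of the patch or of ovirt-engine. DateDeadline and LongDeadline are hypothetical stand-ins for a class that holds a java.util.Date member and one that holds a primitive long; the time values are constructed.

```java
import java.util.Date;

// Hypothetical classes for illustration; not the oVirt TimeoutBase source.
public class DeadlineDemo {

    // Before: stores and returns the caller's Date, so the reference is shared.
    static class DateDeadline {
        private Date endTime;
        void setEndTime(Date endTime) { this.endTime = endTime; }
        Date getEndTime() { return endTime; }
        boolean expired(long now) { return now >= endTime.getTime(); }
    }

    // After: keeps only the epoch milliseconds, a primitive that cannot alias.
    static class LongDeadline {
        private long endTime;
        void setEndTime(long endTime) { this.endTime = endTime; }
        long getEndTime() { return endTime; }
        boolean expired(long now) { return now >= endTime; }
    }

    public static void main(String[] args) {
        long now = 1_000_000L;           // constructed "current time"
        long deadline = now + 60_000L;   // constructed timeout, one minute later

        DateDeadline before = new DateDeadline();
        Date shared = new Date(deadline);
        before.setEndTime(shared);
        // The caller still holds the object it passed in; mutating it moves
        // the stored end time far into the future.
        shared.setTime(Long.MAX_VALUE);
        System.out.println("Date, setter alias: expired at deadline? "
                + before.expired(deadline));
        // The getter hands out the same reference; mutating it moves the
        // stored end time into the past.
        before.getEndTime().setTime(0L);
        System.out.println("Date, getter alias: expired now? "
                + before.expired(now));

        LongDeadline after = new LongDeadline();
        long value = deadline;
        after.setEndTime(value);
        value = Long.MAX_VALUE;          // changes only the caller's local copy
        System.out.println("long, local change: expired at deadline? "
                + after.expired(deadline));
    }
}
```

If the Date type had to stay in the API, copying on the way in and out (new Date(d.getTime())) would close the same hole.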
