On 03/12/2013 03:08 AM, Lei Li wrote: > Signed-off-by: Lei Li <li...@linux.vnet.ibm.com> > --- > qga/commands-win32.c | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) >
> +void qmp_guest_set_time(int64_t time_ns, Error **errp)
> +{
> + SYSTEMTIME ts;
> + FILETIME tf;
> + LONGLONG time;
> +
> + acquire_privilege(SE_SYSTEMTIME_NAME, errp);
> + if (error_is_set(errp)) {
> + error_setg(errp, "Failed to acquire privilege");
> + return;
> + }
Earlier, you told me that acquire_privilege is auto-dropped after a
successful SetSystemTime. But here, you acquire the privilege...
> +
> + if (time_ns < 0 || time_ns / 100 > INT64_MAX - W32_FT_OFFSET) {
> + error_setg(errp, "Time %" PRId64 "is invalid", time_ns);
> + return;
...then return early without ever relinquishing it.
> + }
> +
> + time = time_ns / 100 + W32_FT_OFFSET;
> +
> + tf.dwLowDateTime = (DWORD) time;
> + tf.dwHighDateTime = (DWORD) (time >> 32);
> +
> + if (!FileTimeToSystemTime(&tf, &ts)) {
> + error_setg(errp, "Failed to convert system time");
> + return;
> + }
I would reorder the acquire_privilege to here, to give us the best
possible chance of avoiding a leak of privileges when the user passes
bogus data.
> +
> + if (!SetSystemTime(&ts)) {
> + slog("guest-set-time failed: %d", GetLastError());
> + error_setg_errno(errp, errno, "Failed to set time to guest");
> + return;
> + }
> +}
> +
> int64_t qmp_guest_file_open(const char *path, bool has_mode, const char
> *mode, Error **err)
> {
> error_set(err, QERR_UNSUPPORTED);
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
