On 03/12/2013 11:05 PM, Eric Blake wrote:
On 03/12/2013 03:08 AM, Lei Li wrote:
Signed-off-by: Lei Li <li...@linux.vnet.ibm.com>
---
qga/commands-win32.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
+void qmp_guest_set_time(int64_t time_ns, Error **errp)
+{
+ SYSTEMTIME ts;
+ FILETIME tf;
+ LONGLONG time;
+
+ acquire_privilege(SE_SYSTEMTIME_NAME, errp);
+ if (error_is_set(errp)) {
+ error_setg(errp, "Failed to acquire privilege");
+ return;
+ }
Earlier, you told me that acquire_privilege is auto-dropped after a
successful SetSystemTime. But here, you acquire the privilege...
+
+ if (time_ns < 0 || time_ns / 100 > INT64_MAX - W32_FT_OFFSET) {
+ error_setg(errp, "Time %" PRId64 "is invalid", time_ns);
+ return;
...then return early without ever relinquishing it.
+ }
+
+ time = time_ns / 100 + W32_FT_OFFSET;
+
+ tf.dwLowDateTime = (DWORD) time;
+ tf.dwHighDateTime = (DWORD) (time >> 32);
+
+ if (!FileTimeToSystemTime(&tf, &ts)) {
+ error_setg(errp, "Failed to convert system time");
+ return;
+ }
I would reorder the acquire_privilege to here, to give us the best
possible chance of avoiding a leak of privileges when the user passes
bogus data.
It make sense, I should thought about this, thank you!
+
+ if (!SetSystemTime(&ts)) {
+ slog("guest-set-time failed: %d", GetLastError());
+ error_setg_errno(errp, errno, "Failed to set time to guest");
+ return;
+ }
+}
+
int64_t qmp_guest_file_open(const char *path, bool has_mode, const char
*mode, Error **err)
{
error_set(err, QERR_UNSUPPORTED);
--
Lei