From 49e56287cccfe8b5def4bc4916f367b9a0303161 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Mon, 9 Jan 2023 20:03:05 +0100 Subject: [PATCH] ui: Check numeric part of expire_password argument @time properly MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit When argument @time isn't 'now' or 'never', we parse it as an integer, optionally prefixed with '+'. If parsing fails, we silently assume zero. Report an error and fail instead. While there, use qemu_strtou64() instead of strtoull() so checkpatch.pl won't complain. Aside: encoding numbers in strings is bad QMP practice. Signed-off-by: Markus Armbruster Reviewed-by: Daniel P. Berrangé Message-Id: <20230109190321.1056914-2-armbru@redhat.com> --- monitor/qmp-cmds.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c index 2932b3f3a5..a1695b6c96 100644 --- a/monitor/qmp-cmds.c +++ b/monitor/qmp-cmds.c @@ -201,15 +201,28 @@ void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp) time_t when; int rc; const char *whenstr = opts->time; + const char *numstr = NULL; + uint64_t num; if (strcmp(whenstr, "now") == 0) { when = 0; } else if (strcmp(whenstr, "never") == 0) { when = TIME_MAX; } else if (whenstr[0] == '+') { - when = time(NULL) + strtoull(whenstr+1, NULL, 10); + when = time(NULL); + numstr = whenstr + 1; } else { - when = strtoull(whenstr, NULL, 10); + when = 0; + numstr = whenstr; + } + + if (numstr) { + if (qemu_strtou64(numstr, NULL, 10, &num) < 0) { + error_setg(errp, "Parameter 'time' doesn't take value '%s'", + whenstr); + return; + } + when += num; } if (opts->protocol == DISPLAY_PROTOCOL_SPICE) { -- 2.11.0