[libvirt] [PATCH] NSS: Add explicit check to not report expired lease

Michal Privoznik mprivozn at redhat.com
Fri Sep 30 13:07:17 UTC 2016 

On 28.09.2016 21:38, Nehal J Wani wrote:
> The NSS module shouldn't rely on custom leases database to not have
> entries for leases which have expired.
> ---
>  tools/nss/libvirt_nss.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
> index 54c4a2a..57ba473 100644
> --- a/tools/nss/libvirt_nss.c
> +++ b/tools/nss/libvirt_nss.c
> @@ -42,6 +42,7 @@
>  #include "virlease.h"
>  #include "viralloc.h"
>  #include "virfile.h"
> +#include "virtime.h"

Well, technically you just need <time.h>, but luckily we are including
virtime module in our libvirt-nss archive, and virtime.h includes
time.h, so I think this is just okay.

>  #include "virerror.h"
>  #include "virstring.h"
>  #include "virsocketaddr.h"
> @@ -114,6 +115,8 @@ findLease(const char *name,
>      ssize_t i, nleases;
>      leaseAddress *tmpAddress = NULL;
>      size_t ntmpAddress = 0;
> +    long long currtime = 0;
> +    long long expirytime = -1;

These initializations make no sense. @currtime is rewritten right away,
and @expirytime a bit later (or a an error is reported if failed to do so).

>  
>      *address = NULL;
>      *naddress = 0;
> @@ -161,6 +164,8 @@ findLease(const char *name,
>      nleases = virJSONValueArraySize(leases_array);
>      DEBUG("Read %zd leases", nleases);
>  
> +    currtime = (long long) time(NULL);

I think that we should check for an error here. And if so, properly
report it.

> +
>      for (i = 0; i < nleases; i++) {
>          virJSONValuePtr lease;
>          const char *lease_name;
> @@ -181,6 +186,16 @@ findLease(const char *name,
>          if (STRNEQ_NULLABLE(name, lease_name))
>              continue;
>  
> +        if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expirytime) < 0) {
> +            /* A lease cannot be present without expiry-time */
> +            ERROR("expiry-time field missing for %s", name);
> +            goto cleanup;
> +        }
> +
> +        /* Do not report expired lease */
> +        if (expirytime < currtime)
> +            continue;
> +
>          DEBUG("Found record for %s", lease_name);
>          *found = true;
>  
> 

Otherwise looking good.

Michal

More information about the libvir-list mailing list