On 03/12/2013 03:08 AM, Lei Li wrote:
Signed-off-by: Lei Li <address@hidden>
---
qga/commands-win32.c | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
+void qmp_guest_set_time(int64_t time_ns, Error **errp)
+{
+ SYSTEMTIME ts;
+ FILETIME tf;
+ LONGLONG time;
+
+ acquire_privilege(SE_SYSTEMTIME_NAME, errp);
+ if (error_is_set(errp)) {
+ error_setg(errp, "Failed to acquire privilege");
+ return;
+ }
Earlier, you told me that acquire_privilege is auto-dropped after a
successful SetSystemTime. But here, you acquire the privilege...
+
+ if (time_ns < 0 || time_ns / 100 > INT64_MAX - W32_FT_OFFSET) {
+ error_setg(errp, "Time %" PRId64 "is invalid", time_ns);
+ return;
...then return early without ever relinquishing it.
+ }
+
+ time = time_ns / 100 + W32_FT_OFFSET;
+
+ tf.dwLowDateTime = (DWORD) time;
+ tf.dwHighDateTime = (DWORD) (time >> 32);
+
+ if (!FileTimeToSystemTime(&tf, &ts)) {
+ error_setg(errp, "Failed to convert system time");
+ return;
+ }
I would reorder the acquire_privilege to here, to give us the best
possible chance of avoiding a leak of privileges when the user passes
bogus data.