ui: Check numeric part of expire_password argument @time properly

When argument @time isn't 'now' or 'never', we parse it as an integer, optionally prefixed with '+'. If parsing fails, we silently assume zero. Report an error and fail instead. While there, use qemu_strtou64() instead of strtoull() so checkpatch.pl won't complain. Aside: encoding numbers in strings is bad QMP practice. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20230109190321.1056914-2-armbru@redhat.com>
2024-07-22 02:44:53 +00:00 · 2023-01-09 20:03:05 +01:00 · 2023-01-09 20:03:05 +01:00 · 49e56287cc
parent 7ec8aeb604
commit 49e56287cc
1 changed files with 15 additions and 2 deletions
--- a/monitor/qmp-cmds.c
+++ b/monitor/qmp-cmds.c
@ -201,15 +201,28 @@ void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)
    time_t when;
    int rc;
    const char *whenstr = opts->time;
+    const char *numstr = NULL;
+    uint64_t num;

    if (strcmp(whenstr, "now") == 0) {
        when = 0;
    } else if (strcmp(whenstr, "never") == 0) {
        when = TIME_MAX;
    } else if (whenstr[0] == '+') {
-        when = time(NULL) + strtoull(whenstr+1, NULL, 10);
+        when = time(NULL);
+        numstr = whenstr + 1;
    } else {
-        when = strtoull(whenstr, NULL, 10);
+        when = 0;
+        numstr = whenstr;
+    }
+
+    if (numstr) {
+        if (qemu_strtou64(numstr, NULL, 10, &num) < 0) {
+            error_setg(errp, "Parameter 'time' doesn't take value '%s'",
+                       whenstr);
+            return;
+        }
+        when += num;
    }

    if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {