From 528fe535ac9579971eeb8c6b8120722167cb18f6 Mon Sep 17 00:00:00 2001
From: Nehal J Wani
Date: Fri, 30 Sep 2016 15:11:38 +0000
Subject: [PATCH] NSS: Add explicit check to not report expired lease

The NSS module shouldn't rely on custom leases database to not have entries for leases which have expired.

Signed-off-by: Michal Privoznik
Reviewed-by: Michal Privoznik
---
 tools/nss/libvirt_nss.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index 54c4a2a133..0d59825298 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -42,6 +42,7 @@
 #include "virlease.h"
 #include "viralloc.h"
 #include "virfile.h"
+#include "virtime.h"
 #include "virerror.h"
 #include "virstring.h"
 #include "virsocketaddr.h"
@@ -114,6 +115,8 @@ findLease(const char *name,
 ssize_t i, nleases;
 leaseAddress *tmpAddress = NULL;
 size_t ntmpAddress = 0;
+ time_t currtime;
+ long long expirytime;
 *address = NULL;
 *naddress = 0;
@@ -161,6 +164,11 @@ findLease(const char *name,
 nleases = virJSONValueArraySize(leases_array);
 DEBUG("Read %zd leases", nleases);
+ if ((currtime = time(NULL)) == (time_t) - 1) {
+ ERROR("Failed to get current system time");
+ goto cleanup;
+ }
+
 for (i = 0; i < nleases; i++) {
 virJSONValuePtr lease;
 const char *lease_name;
@@ -181,6 +189,18 @@ findLease(const char *name,
 if (STRNEQ_NULLABLE(name, lease_name)) continue;
+ if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expirytime) < 0) {
+ /* A lease cannot be present without expiry-time */
+ ERROR("expiry-time field missing for %s", name);
+ goto cleanup;
+ }
+
+ /* Do not report expired lease */
+ if (expirytime < (long long) currtime) {
+ DEBUG("Skipping expired lease for %s", name);
+ continue;
+ }
+
 DEBUG("Found record for %s", lease_name);
 *found = true;
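Review bot: The time base of the new check is not documented: in the hunk at -161,6 `currtime` comes from the wall clock via `time(NULL)`, so the comparison added further down in findLease only holds if `expiry-time` in the leases file is also seconds since the epoch, which is not visible here. A comment above the call such as `/* Wall-clock seconds; expiry-time in the leases file is assumed to use the same epoch */` would record that, and a host clock stepped backwards would make already expired leases pass the check again. The new `#include "virtime.h"` in the first hunk is not obviously needed, since the added lines only use `time()` and `time_t`; if it is there to pull in `<time.h>`, including that header directly would state the dependency. `(time_t) - 1` also reads like a subtraction and would be clearer as `(time_t)-1`. findLease starts and ends outside this hunk.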
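Review bot: A record for the requested name that lacks `expiry-time` makes the hunk at -181,6 jump to `cleanup`, which abandons the whole lookup even when another record for the same name is valid; if failing the lookup is not the intent, logging and `continue` would skip only the malformed record. What `cleanup` returns, and whether addresses already collected in `tmpAddress` are discarded, is outside the hunk, so this needs checking against the rest of findLease. The comparison `expirytime < (long long) currtime` also treats any value of 0 or below as expired; if the leases file can carry such a value for a lease that never expires (not visible here), the guard should exclude it, e.g. `if (expirytime > 0 && expirytime < (long long) currtime)`.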