NSS: Add explicit check to not report expired lease

The NSS module shouldn't rely on the custom leases database being free
of entries for leases which have expired.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Nehal J Wani 2016-09-30 15:11:38 +00:00 committed by Michal Privoznik
parent 66bfc7cc61
commit 528fe535ac


@ -42,6 +42,7 @@
#include "virlease.h" #include "virlease.h"
#include "viralloc.h" #include "viralloc.h"
#include "virfile.h" #include "virfile.h"
#include "virtime.h"
#include "virerror.h" #include "virerror.h"
#include "virstring.h" #include "virstring.h"
#include "virsocketaddr.h" #include "virsocketaddr.h"
@ -114,6 +115,8 @@ findLease(const char *name,
ssize_t i, nleases; ssize_t i, nleases;
leaseAddress *tmpAddress = NULL; leaseAddress *tmpAddress = NULL;
size_t ntmpAddress = 0; size_t ntmpAddress = 0;
time_t currtime;
long long expirytime;
*address = NULL; *address = NULL;
*naddress = 0; *naddress = 0;
@ -161,6 +164,11 @@ findLease(const char *name,
nleases = virJSONValueArraySize(leases_array); nleases = virJSONValueArraySize(leases_array);
DEBUG("Read %zd leases", nleases); DEBUG("Read %zd leases", nleases);
if ((currtime = time(NULL)) == (time_t) - 1) {
ERROR("Failed to get current system time");
goto cleanup;
}
for (i = 0; i < nleases; i++) { for (i = 0; i < nleases; i++) {
virJSONValuePtr lease; virJSONValuePtr lease;
const char *lease_name; const char *lease_name;
@ -181,6 +189,18 @@ findLease(const char *name,
if (STRNEQ_NULLABLE(name, lease_name)) if (STRNEQ_NULLABLE(name, lease_name))
continue; continue;
if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expirytime) < 0) {
/* A lease cannot be present without expiry-time */
ERROR("expiry-time field missing for %s", name);
goto cleanup;
}
/* Do not report expired lease */
if (expirytime < (long long) currtime) {
DEBUG("Skipping expired lease for %s", name);
continue;
}
DEBUG("Found record for %s", lease_name); DEBUG("Found record for %s", lease_name);
*found = true; *found = true;
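Review bot: A record that matches `name` but has no `expiry-time` takes `goto cleanup`, which abandons the whole lookup instead of only that record, so one malformed entry in the leases file can leave the name unresolvable even when other valid entries exist. What `cleanup` returns, and whether addresses already collected are discarded, lies outside the visible lines of findLease. Logging and skipping the record, `ERROR("expiry-time field missing for %s", name); continue;`, would still never report the bad entry and would match how expired leases are handled just below. Separately, `expirytime < (long long) currtime` treats an `expiry-time` of 0 as expired. If the code that writes the leases file can store 0 for a lease that never expires, the test needs a guard such as `if (expirytime > 0 && expirytime < (long long) currtime)`; this should be confirmed against that writer.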