From 0f4ee295ba94803e5833f57481cfdbee5d1160d4 Mon Sep 17 00:00:00 2001 From: Damian Szuberski Date: Wed, 9 Nov 2022 04:16:01 +1000 Subject: [PATCH] dsl_prop_known_index(): check for invalid prop Resolve UBSAN array-index-out-of-bounds error in zprop_desc_t. Reviewed-by: Brian Behlendorf Signed-off-by: szubersk Closes #14142 Closes #14147 --- module/zcommon/zfs_prop.c | 26 ++++++++++++++++++++++++++ module/zfs/dsl_prop.c | 3 ++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/module/zcommon/zfs_prop.c b/module/zcommon/zfs_prop.c index a33eb36ac..b4e8fcf1f 100644 --- a/module/zcommon/zfs_prop.c +++ b/module/zcommon/zfs_prop.c @@ -722,6 +722,8 @@ zfs_prop_init(void) boolean_t zfs_prop_delegatable(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); zprop_desc_t *pd = &zfs_prop_table[prop]; /* The mlslabel property is never delegatable. */ @@ -844,6 +846,8 @@ zfs_prop_valid_for_type(int prop, zfs_type_t types, boolean_t headcheck) zprop_type_t zfs_prop_get_type(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_proptype); } @@ -853,6 +857,8 @@ zfs_prop_get_type(zfs_prop_t prop) boolean_t zfs_prop_readonly(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_attr == PROP_READONLY || zfs_prop_table[prop].pd_attr == PROP_ONETIME || zfs_prop_table[prop].pd_attr == PROP_ONETIME_DEFAULT); @@ -864,6 +870,8 @@ zfs_prop_readonly(zfs_prop_t prop) boolean_t zfs_prop_visible(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_visible && zfs_prop_table[prop].pd_zfs_mod_supported); } @@ -874,6 +882,8 @@ zfs_prop_visible(zfs_prop_t prop) boolean_t zfs_prop_setonce(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_attr == PROP_ONETIME || zfs_prop_table[prop].pd_attr == PROP_ONETIME_DEFAULT); } @@ -881,12 +891,16 @@ zfs_prop_setonce(zfs_prop_t prop) const char * zfs_prop_default_string(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_strdefault); } uint64_t zfs_prop_default_numeric(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_numdefault); } @@ -897,6 +911,8 @@ zfs_prop_default_numeric(zfs_prop_t prop) const char * zfs_prop_to_name(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_name); } @@ -906,6 +922,8 @@ zfs_prop_to_name(zfs_prop_t prop) boolean_t zfs_prop_inheritable(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_attr == PROP_INHERIT || zfs_prop_table[prop].pd_attr == PROP_ONETIME); } @@ -958,6 +976,8 @@ zfs_prop_valid_keylocation(const char *str, boolean_t encrypted) const char * zfs_prop_values(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_values); } @@ -969,6 +989,8 @@ zfs_prop_values(zfs_prop_t prop) int zfs_prop_is_string(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_proptype == PROP_TYPE_STRING || zfs_prop_table[prop].pd_proptype == PROP_TYPE_INDEX); } @@ -980,6 +1002,8 @@ zfs_prop_is_string(zfs_prop_t prop) const char * zfs_prop_column_name(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_colname); } @@ -990,6 +1014,8 @@ zfs_prop_column_name(zfs_prop_t prop) boolean_t zfs_prop_align_right(zfs_prop_t prop) { + ASSERT3S(prop, >=, 0); + ASSERT3S(prop, <, ZFS_NUM_PROPS); return (zfs_prop_table[prop].pd_rightalign); } diff --git a/module/zfs/dsl_prop.c b/module/zfs/dsl_prop.c index d1c3ff543..6cba8bd20 100644 --- a/module/zfs/dsl_prop.c +++ b/module/zfs/dsl_prop.c @@ -75,7 +75,8 @@ static int dsl_prop_known_index(zfs_prop_t prop, uint64_t value) { const char *str = NULL; - if (zfs_prop_get_type(prop) == PROP_TYPE_INDEX) + if (prop != ZPROP_CONT && prop != ZPROP_INVAL && + zfs_prop_get_type(prop) == PROP_TYPE_INDEX) return (!zfs_prop_index_to_string(prop, value, &str)); return (-1);