mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-25 18:59:33 +03:00
Fix incorrect usage of strdup() in zfs_unmount_snap()
Modifying the length of a string returned by strdup() is incorrect because strfree() is allowed to use strlen() to determine which slab cache was used to do the allocation. Signed-off-by: Richard Yao <ryao@gentoo.org> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue #1775
This commit is contained in:
parent
8c8417933f
commit
20f04f08aa
@ -3365,17 +3365,17 @@ zfs_unmount_snap(const char *snapname)
|
||||
if ((ptr = strchr(snapname, '@')) == NULL)
|
||||
return;
|
||||
|
||||
dsname = strdup(snapname);
|
||||
dsname[ptr - snapname] = '\0';
|
||||
snapname = strdup(ptr + 1);
|
||||
fullname = kmem_asprintf("%s@%s", dsname, snapname);
|
||||
dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP);
|
||||
strlcpy(dsname, snapname, ptr - snapname + 1);
|
||||
fullname = strdup(snapname);
|
||||
|
||||
if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) {
|
||||
ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os)));
|
||||
(void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
|
||||
zfs_sb_rele(zsb, FTAG);
|
||||
}
|
||||
|
||||
strfree(dsname);
|
||||
kmem_free(dsname, ptr - snapname + 1);
|
||||
strfree(fullname);
|
||||
|
||||
return;
|
||||
|
Loading…
Reference in New Issue
Block a user