Fix incorrect usage of strdup() in zfs_unmount_snap()

Modifying the length of a string returned by strdup() is incorrect
because strfree() is allowed to use strlen() to determine which slab
cache was used to do the allocation.

Signed-off-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #1775
Richard Yao 2013-10-08 17:59:42 -04:00 committed by Brian Behlendorf
parent 8c8417933f
commit 20f04f08aa

@ -3365,17 +3365,17 @@ zfs_unmount_snap(const char *snapname)
if ((ptr = strchr(snapname, '@')) == NULL) if ((ptr = strchr(snapname, '@')) == NULL)
return; return;
dsname = strdup(snapname); dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP);
dsname[ptr - snapname] = '\0'; strlcpy(dsname, snapname, ptr - snapname + 1);
snapname = strdup(ptr + 1); fullname = strdup(snapname);
fullname = kmem_asprintf("%s@%s", dsname, snapname);
if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) { if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) {
ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os))); ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os)));
(void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE); (void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
zfs_sb_rele(zsb, FTAG); zfs_sb_rele(zsb, FTAG);
} }
strfree(dsname); kmem_free(dsname, ptr - snapname + 1);
strfree(fullname); strfree(fullname);
return; return;
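
Review bot: The size expression `ptr - snapname + 1` is written out three times on the new side, in kmem_alloc(), strlcpy() and kmem_free(), and kmem_free() has to be passed exactly the size that was given to kmem_alloc(). Computing it once into a local (for example a `size_t` set right after the strchr() check) and using that in all three calls would keep the allocation and free sizes from drifting apart in a later edit; as written, correctness depends on neither `ptr` nor `snapname` being reassigned between the allocation and the free, which only holds because the old `snapname = strdup(ptr + 1);` line is gone. A one-line comment above the kmem_alloc() saying why strdup() followed by truncation is not used here (strfree() may rely on strlen() to find the allocation size) would help keep the old pattern from being reintroduced.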