Fix incorrect usage of strdup() in zfs_unmount_snap()

Modifying the length of a string returned by strdup() is incorrect
because strfree() is allowed to use strlen() to determine which slab
cache was used to do the allocation.

Signed-off-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #1775
Richard Yao 2013-10-08 17:59:42 -04:00 committed by Brian Behlendorf
parent 8c8417933f
commit 20f04f08aa

@ -3365,17 +3365,17 @@ zfs_unmount_snap(const char *snapname)
if ((ptr = strchr(snapname, '@')) == NULL)
return;
dsname = strdup(snapname);
dsname[ptr - snapname] = '\0';
snapname = strdup(ptr + 1);
fullname = kmem_asprintf("%s@%s", dsname, snapname);
dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP);
strlcpy(dsname, snapname, ptr - snapname + 1);
fullname = strdup(snapname);
if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) {
ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os)));
(void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
zfs_sb_rele(zsb, FTAG);
}
strfree(dsname);
kmem_free(dsname, ptr - snapname + 1);
strfree(fullname);
return;
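Review bot: the size expression `ptr - snapname + 1` is written out three times, in the kmem_alloc(), strlcpy() and kmem_free() calls, and kmem_free() must be passed exactly the size that kmem_alloc() was given. Computing it once into a local (for example a size_t called dsname_len, a name that is not in the patch) would keep the three in step and protect against a later edit that reassigns snapname or ptr between the allocation and the free, as the earlier `snapname = strdup(ptr + 1);` line did. A short comment above the kmem_alloc() saying why strdup() followed by truncation is not used here would also help, since that reasoning currently lives only in the commit message.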