FreeBSD: Fix out of bounds read in zfs_ioctl_ozfs_to_legacy()

There is an off by 1 error in the check. Fortunately, this function does
not appear to be used in kernel space, despite being compiled as part of
the kernel module. However, it is used in userspace. Callers of
lzc_ioctl_fd() likely will crash if they attempt to use the
unimplemented request number.

This was reported by FreeBSD's Coverity scan.

Reported-by: Coverity (CID 1432059)
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Damian Szuberski <szuberskidamian@gmail.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14135
This commit is contained in:
Richard Yao 2022-11-04 14:06:14 -04:00 committed by GitHub
parent f66ffe6878
commit 993ee7a006
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -319,7 +319,7 @@ zfs_ioctl_legacy_to_ozfs(int request)
int
zfs_ioctl_ozfs_to_legacy(int request)
{
if (request > ZFS_IOC_LAST)
if (request >= ZFS_IOC_LAST)
return (-1);
if (request > ZFS_IOC_PLATFORM) {
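
Review bot: The check at the top of zfs_ioctl_ozfs_to_legacy() only bounds `request` from above, and `request` is a signed `int`, so a negative value still passes `if (request >= ZFS_IOC_LAST)`. If the value is used as an index further down (not visible in this hunk), consider rejecting it in the same test, for example `if (request < 0 || request >= ZFS_IOC_LAST)`. A short comment saying that ZFS_IOC_LAST itself is not a valid request would document why `>=` is the correct comparison, and zfs_ioctl_legacy_to_ozfs(), named in the hunk header, is worth checking for the same comparison.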