OpenZFS 6314 - buffer overflow in dsl_dataset_name

Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Ported-by: Brian Behlendorf <behlendorf1@llnl.gov>

OpenZFS-issue: https://www.illumos.org/issues/6314
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/d6160ee
Igor Kozhukhov
2016-06-15 14:28:36 -07:00
committed by Brian Behlendorf
parent 43e52eddb1
commit eca7b76001
41 changed files with 297 additions and 334 deletions
+4 -42
@@ -69,7 +69,7 @@ zfs_component_namecheck(const char *path, namecheck_err_t *why, char *what)
{
const char *loc;
if (strlen(path) >= MAXNAMELEN) {
if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) {
if (why)
*why = NAME_ERR_TOOLONG;
return (-1);
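Review bot: In zfs_component_namecheck(), the `strlen(path) >= ZFS_MAX_DATASET_NAME_LEN` test is only a safe bound if the constant counts the terminating NUL, and nothing at this check or in the visible context says so. Since the commit is about a buffer overflow in dsl_dataset_name, please add a one-line comment here (or at the definition) stating that ZFS_MAX_DATASET_NAME_LEN includes the NUL, so callers that size buffers with it can rely on names that pass this check fitting.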
@@ -140,27 +140,8 @@ dataset_namecheck(const char *path, namecheck_err_t *why, char *what)
/*
* Make sure the name is not too long.
*
* ZFS_MAXNAMELEN is the maximum dataset length used in the userland
* which is the same as MAXNAMELEN used in the kernel.
* If ZFS_MAXNAMELEN value is changed, make sure to cleanup all
* places using MAXNAMELEN.
*
* When HAVE_KOBJ_NAME_LEN is defined the maximum safe kobject name
* length is 20 bytes. This 20 bytes is broken down as follows to
* provide a maximum safe <pool>/<dataset>[@snapshot] length of only
* 18 bytes. To ensure bytes are left for <dataset>[@snapshot] the
* <pool> portition is futher limited to 9 bytes. For 2.6.27 and
* newer kernels this limit is set to MAXNAMELEN.
*
* <pool>/<dataset> + <partition> + <newline>
* (18) + (1) + (1)
*/
#ifdef HAVE_KOBJ_NAME_LEN
if (strlen(path) > 18) {
#else
if (strlen(path) >= MAXNAMELEN) {
#endif /* HAVE_KOBJ_NAME_LEN */
if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) {
if (why)
*why = NAME_ERR_TOOLONG;
return (-1);
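Review bot: On builds that define HAVE_KOBJ_NAME_LEN, dataset_namecheck() no longer enforces the 18-byte limit that the deleted comment gives as the maximum safe kobject name length, so longer `<pool>/<dataset>[@snapshot]` names now pass this check. Please confirm that the configure test for HAVE_KOBJ_NAME_LEN is removed elsewhere in this patch, and say in the commit message that the pre-2.6.27 restriction is being dropped, because the ported-from description only mentions the overflow fix.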
@@ -289,7 +270,7 @@ mountpoint_namecheck(const char *path, namecheck_err_t *why)
while (*end != '/' && *end != '\0')
end++;
if (end - start >= MAXNAMELEN) {
if (end - start >= ZFS_MAX_DATASET_NAME_LEN) {
if (why)
*why = NAME_ERR_TOOLONG;
return (-1);
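Review bot: In mountpoint_namecheck(), `end - start >= ZFS_MAX_DATASET_NAME_LEN` bounds a single mountpoint path component with a constant named for dataset names, and the reason is not documented. Add a short comment explaining why the dataset name limit applies to a path component, or introduce a separately named constant so a later change to the dataset limit does not silently change this check.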
@@ -314,27 +295,8 @@ pool_namecheck(const char *pool, namecheck_err_t *why, char *what)
/*
* Make sure the name is not too long.
*
* ZPOOL_MAXNAMELEN is the maximum pool length used in the userland
* which is the same as MAXNAMELEN used in the kernel.
* If ZPOOL_MAXNAMELEN value is changed, make sure to cleanup all
* places using MAXNAMELEN.
*
* When HAVE_KOBJ_NAME_LEN is defined the maximum safe kobject name
* length is 20 bytes. This 20 bytes is broken down as follows to
* provide a maximum safe <pool>/<dataset>[@snapshot] length of only
* 18 bytes. To ensure bytes are left for <dataset>[@snapshot] the
* <pool> portition is futher limited to 8 bytes. For 2.6.27 and
* newer kernels this limit is set to MAXNAMELEN.
*
* <pool>/<dataset> + <partition> + <newline>
* (18) + (1) + (1)
*/
#ifdef HAVE_KOBJ_NAME_LEN
if (strlen(pool) > 8) {
#else
if (strlen(pool) >= MAXNAMELEN) {
#endif /* HAVE_KOBJ_NAME_LEN */
if (strlen(pool) >= ZFS_MAX_DATASET_NAME_LEN) {
if (why)
*why = NAME_ERR_TOOLONG;
return (-1);
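Review bot: pool_namecheck() now compares `strlen(pool)` against ZFS_MAX_DATASET_NAME_LEN, so a pool name may consume the whole dataset name budget, and the deleted comment that reserved bytes for `<dataset>[@snapshot]` has no replacement. A one-line comment stating that the pool name is held to the same limit as a full dataset name, and that ZPOOL_MAXNAMELEN is intentionally retired, would make the intent clear to readers who remember the old separate limits.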