From f3f5263f8a9b0f8b51051698f68fbd76e181a685 Mon Sep 17 00:00:00 2001 From: Richard Yao Date: Tue, 13 Dec 2022 20:31:47 -0500 Subject: [PATCH] Zero end of embedded block buffer in dump_write_embedded() This fixes a kernel stack leak. Reviewed-by: Ryan Moeller Reviewed-by: Brian Behlendorf Tested-by: Nicholas Sherlock Signed-off-by: Richard Yao Closes #13778 Closes #14255 --- module/zfs/dmu_send.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/module/zfs/dmu_send.c b/module/zfs/dmu_send.c index 5ce2478e5..bcbc2ba60 100644 --- a/module/zfs/dmu_send.c +++ b/module/zfs/dmu_send.c @@ -584,7 +584,13 @@ dump_write_embedded(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, decode_embedded_bp_compressed(bp, buf); - if (dump_record(dscp, buf, P2ROUNDUP(drrw->drr_psize, 8)) != 0) + uint32_t psize = drrw->drr_psize; + uint32_t rsize = P2ROUNDUP(psize, 8); + + if (psize != rsize) + memset(buf + psize, 0, rsize - psize); + + if (dump_record(dscp, buf, rsize) != 0) return (SET_ERROR(EINTR)); return (0); }