]> granicus.if.org Git - zfs/commitdiff
zfs send does not handle invalid input gracefully
authorloli10K <loli10K@users.noreply.github.com>
Mon, 8 Jul 2019 22:10:23 +0000 (00:10 +0200)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Mon, 8 Jul 2019 22:10:23 +0000 (15:10 -0700)
Due to some changes introduced in 30af21b 'zfs send' can crash when
provided with invalid inputs: this change attempts to add more checks
to the affected code paths.

Reviewed-by: Attila Fülöp <attila@fueloep.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: loli10K <ezomori.nozomu@gmail.com>
Closes #9001

cmd/zfs/zfs_main.c
lib/libzfs/libzfs_sendrecv.c

index d9709ae62913635cbe8227c3d790011dee67776c..0ebd16f6d6a5ae0fc7f9219d31a97dabfabfd68c 100644 (file)
@@ -4338,7 +4338,11 @@ zfs_do_send(int argc, char **argv)
                return (1);
        }
 
-       cp = strchr(argv[0], '@');
+       if ((cp = strchr(argv[0], '@')) == NULL) {
+               (void) fprintf(stderr, gettext("Error: "
+                   "Unsupported flag with filesystem or bookmark.\n"));
+               return (1);
+       }
        *cp = '\0';
        toname = cp + 1;
        zhp = zfs_open(g_zfs, argv[0], ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
index 885f263bf0d9c21b86f90e8bc1c63a8eb7b8f914..9fdb990522d9eb2aebe3afad6e958e6ca9a57b30 100644 (file)
@@ -2422,6 +2422,10 @@ zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
                }
                zfs_handle_t *tosnap = zfs_open(zhp->zfs_hdl,
                    full_tosnap_name, ZFS_TYPE_SNAPSHOT);
+               if (tosnap == NULL) {
+                       err = -1;
+                       goto err_out;
+               }
                err = send_prelim_records(tosnap, fromsnap, outfd,
                    flags->replicate || flags->props || flags->holds,
                    flags->replicate, flags->verbosity > 0, flags->dryrun,
@@ -2707,6 +2711,8 @@ zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags,
        if (from != NULL && strchr(from, '@')) {
                zfs_handle_t *from_zhp = zfs_open(hdl, from,
                    ZFS_TYPE_DATASET);
+               if (from_zhp == NULL)
+                       return (-1);
                if (!snapshot_is_before(from_zhp, zhp)) {
                        zfs_close(from_zhp);
                        zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,