Fix incorrect usage of strdup() in zfs_unmount_snap()
authorRichard Yao <ryao@gentoo.org>
Tue, 8 Oct 2013 21:59:42 +0000 (17:59 -0400)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Tue, 29 Oct 2013 22:06:18 +0000 (15:06 -0700)
Modifying the length of a string returned by strdup() is incorrect
because strfree() is allowed to use strlen() to determine which slab
cache was used to do the allocation.

Signed-off-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #1775

module/zfs/zfs_ioctl.c

index be782ba80298f514f9fabc71f6a3ac97e0f70341..b12205e68e63403ea53a3c0be4b154d0f9bfaaa0 100644 (file)
@@ -3365,17 +3365,17 @@ zfs_unmount_snap(const char *snapname)
        if ((ptr = strchr(snapname, '@')) == NULL)
                return;
 
-       dsname = strdup(snapname);
-       dsname[ptr - snapname] = '\0';
-       snapname = strdup(ptr + 1);
-       fullname = kmem_asprintf("%s@%s", dsname, snapname);
+       dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP);
+       strlcpy(dsname, snapname, ptr - snapname + 1);
+       fullname = strdup(snapname);
+
        if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) {
                ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os)));
                (void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
                zfs_sb_rele(zsb, FTAG);
        }
 
-       strfree(dsname);
+       kmem_free(dsname, ptr - snapname + 1);
        strfree(fullname);
 
        return;
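Review bot: The size expression `ptr - snapname + 1` is written out three times, in the added kmem_alloc(), strlcpy() and kmem_free() calls, and kmem_free() has to be passed exactly the size that was allocated. Computing it once, for example `size_t dsnamelen = ptr - snapname + 1;`, and using that local in all three calls would keep the alloc/free pair from drifting apart in a later edit. A short comment above the allocation, such as `/* sized buffer: strfree() may use strlen() to pick the slab cache, so a strdup()ed string must not be shortened */`, would record why strdup() plus truncation is not used here. The declarations and the end of zfs_unmount_snap are outside the hunk, so where the new local would be declared is not visible.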