]> granicus.if.org Git - zfs/commitdiff
projects / zfs / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 4e3de24)
Fix NULL pointer dereference in 'zfs create'
authorLOLi <loli10K@users.noreply.github.com>
Tue, 9 May 2017 22:22:46 +0000 (00:22 +0200)
committerBrian Behlendorf <behlendorf1@llnl.gov>
Tue, 9 May 2017 22:22:46 +0000 (15:22 -0700)
A race condition between 'zpool export' and 'zfs create' can crash the
latter: this is because we never check libzfs`zpool_open() return
value in libzfs`zfs_create().

Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: loli10K <ezomori.nozomu@gmail.com>
Closes #6096

lib/libzfs/libzfs_dataset.c patch | blob | history

diff --git a/lib/libzfs/libzfs_dataset.c b/lib/libzfs/libzfs_dataset.c
index 8130e400f2b7f439b5bb74f99fd748a725c27ed2..0f18fd6900d57c37c2ea04cb9432d63963bcd91c 100644 (file)
--- a/lib/libzfs/libzfs_dataset.c
+++ b/lib/libzfs/libzfs_dataset.c
@@ -3370,6 +3370,7 @@ zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
        char errbuf[1024];
        uint64_t zoned;
        enum lzc_dataset_type ost;
+       zpool_handle_t *zpool_handle;
 
        (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
            "cannot create '%s'"), path);
@@ -3409,7 +3410,8 @@ zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
        if (p != NULL)
                *p = '\0';
 
-       zpool_handle_t *zpool_handle = zpool_open(hdl, pool_path);
+       if ((zpool_handle = zpool_open(hdl, pool_path)) == NULL)
+               return (-1);
 
        if (props && (props = zfs_valid_proplist(hdl, type, props,
            zoned, NULL, zpool_handle, errbuf)) == 0) {
Unnamed repository; edit this file 'description' to name the repository.