diff options
author | heary-cao <[email protected]> | 2016-07-27 14:58:17 +0800 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2016-07-29 15:34:12 -0700 |
commit | 9f3d1407dcfa7a8548b17d36ef501dd72a215560 (patch) | |
tree | 3e4ce1c50676908c06d40a014fc393bab3d8cb03 | |
parent | 3b86aeb2952c91aeb8ed0ebf9d5e43119fa537a0 (diff) |
Fix zfs_allow_log_destroy() NULL dereference
In zfs_ioc_log_history() function the tsd_set() function is called
with NULL which causes the zfs_allow_log_destroy() to be run. In
this case the passed value will be NULL. This is normally entirely
safe because strfree() maps directly to kfree() which may be passed
a NULL. However, since alternate implementations of strfree() may
not handle this gracefully add a check for NULL.
Observed under an embedded Linux 2.6.32.41 kernel running the
automated testing while running the ZFS Test Suite.
Signed-off-by: caoxuewen <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #4872
-rw-r--r-- | module/zfs/zfs_ioctl.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c index 3cd3628ce..8e187d59c 100644 --- a/module/zfs/zfs_ioctl.c +++ b/module/zfs/zfs_ioctl.c @@ -3345,6 +3345,8 @@ zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) * we clear the TSD here. */ poolname = tsd_get(zfs_allow_log_key); + if (poolname == NULL) + return (SET_ERROR(EINVAL)); (void) tsd_set(zfs_allow_log_key, NULL); error = spa_open(poolname, &spa, FTAG); strfree(poolname); @@ -6297,7 +6299,9 @@ static void zfs_allow_log_destroy(void *arg) { char *poolname = arg; - strfree(poolname); + + if (poolname != NULL) + strfree(poolname); } #ifdef DEBUG |