summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTim Chase <[email protected]>2019-04-10 17:38:21 -0500
committerBrian Behlendorf <[email protected]>2019-04-10 15:38:21 -0700
commit8cb34421e0bf1fea316d16014483d61381a41f57 (patch)
tree442ec4c1919545a1d1d44b6ac822b16a02e21267
parent5ae4e4481eede259a64260ab1b09f86ff46c8f8d (diff)
Avoid stack overwrite in zfs_setattr_dir()
The bulk[] array index, count, must be reset per-iteration in order to not overwrite the stack. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Chris Dunlop <[email protected]> Reviewed-by: Tom Caputi <[email protected]> Signed-off-by: Tim Chase <[email protected]> Closes #8072 Closes #8597 Closes #8601
-rw-r--r--module/zfs/zfs_vnops.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c
index c77101485..0de75a891 100644
--- a/module/zfs/zfs_vnops.c
+++ b/module/zfs/zfs_vnops.c
@@ -2710,11 +2710,12 @@ zfs_setattr_dir(znode_t *dzp)
dmu_tx_t *tx = NULL;
uint64_t uid, gid;
sa_bulk_attr_t bulk[4];
- int count = 0;
+ int count;
int err;
zap_cursor_init(&zc, os, dzp->z_id);
while ((err = zap_cursor_retrieve(&zc, &zap)) == 0) {
+ count = 0;
if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
err = ENXIO;
break;