diff options
author | Richard Yao <[email protected]> | 2013-10-08 17:59:42 -0400 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2013-10-29 15:06:18 -0700 |
commit | 20f04f08aa5032f1e958ba38654d9ed833b6b636 (patch) | |
tree | cf988efa424aa502ceab158ed0a7f46a53233253 | |
parent | 8c8417933f11d2bda734056f34f5d7c982acbcec (diff) |
Fix incorrect usage of strdup() in zfs_unmount_snap()
Modifying the length of a string returned by strdup() is incorrect
because strfree() is allowed to use strlen() to determine which slab
cache was used to do the allocation.
Signed-off-by: Richard Yao <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Issue #1775
-rw-r--r-- | module/zfs/zfs_ioctl.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c index be782ba80..b12205e68 100644 --- a/module/zfs/zfs_ioctl.c +++ b/module/zfs/zfs_ioctl.c @@ -3365,17 +3365,17 @@ zfs_unmount_snap(const char *snapname) if ((ptr = strchr(snapname, '@')) == NULL) return; - dsname = strdup(snapname); - dsname[ptr - snapname] = '\0'; - snapname = strdup(ptr + 1); - fullname = kmem_asprintf("%s@%s", dsname, snapname); + dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP); + strlcpy(dsname, snapname, ptr - snapname + 1); + fullname = strdup(snapname); + if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) { ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os))); (void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE); zfs_sb_rele(zsb, FTAG); } - strfree(dsname); + kmem_free(dsname, ptr - snapname + 1); strfree(fullname); return; |