summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Yao <[email protected]>2013-10-08 17:59:42 -0400
committerBrian Behlendorf <[email protected]>2013-10-29 15:06:18 -0700
commit20f04f08aa5032f1e958ba38654d9ed833b6b636 (patch)
treecf988efa424aa502ceab158ed0a7f46a53233253
parent8c8417933f11d2bda734056f34f5d7c982acbcec (diff)
Fix incorrect usage of strdup() in zfs_unmount_snap()
Modifying the length of a string returned by strdup() is incorrect because strfree() is allowed to use strlen() to determine which slab cache was used to do the allocation. Signed-off-by: Richard Yao <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Issue #1775
-rw-r--r--module/zfs/zfs_ioctl.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c
index be782ba80..b12205e68 100644
--- a/module/zfs/zfs_ioctl.c
+++ b/module/zfs/zfs_ioctl.c
@@ -3365,17 +3365,17 @@ zfs_unmount_snap(const char *snapname)
if ((ptr = strchr(snapname, '@')) == NULL)
return;
- dsname = strdup(snapname);
- dsname[ptr - snapname] = '\0';
- snapname = strdup(ptr + 1);
- fullname = kmem_asprintf("%s@%s", dsname, snapname);
+ dsname = kmem_alloc(ptr - snapname + 1, KM_SLEEP);
+ strlcpy(dsname, snapname, ptr - snapname + 1);
+ fullname = strdup(snapname);
+
if (zfs_sb_hold(dsname, FTAG, &zsb, B_FALSE) == 0) {
ASSERT(!dsl_pool_config_held(dmu_objset_pool(zsb->z_os)));
(void) zfsctl_unmount_snapshot(zsb, fullname, MNT_FORCE);
zfs_sb_rele(zsb, FTAG);
}
- strfree(dsname);
+ kmem_free(dsname, ptr - snapname + 1);
strfree(fullname);
return;