etc/systemd/zfs-mount-generator: avoid strndupa

The non-standard strndupa function is not implemented by musl libc,
and can be dangerous due to its potential to blow the stack.  (musl
_does_ implement strdupa, used elsewhere in this function.)

With a similar amount of code, we can use a heap allocation to
construct the pool name, which is musl-friendly and doesn't have
potential stack problems.

(Why care about musl when systemd only supports glibc?  Some distros
patch systemd with portability fixes, and it would be nice to be able
to use ZFS on those distros.)

 Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Alyssa Ross <[email protected]>
Closes #14327

1 files changed, 5 insertions, 4 deletions

diff --git a/etc/systemd/system-generators/zfs-mount-generator.c b/etc/systemd/system-generators/zfs-mount-generator.c
index b07574e72..ab5dc4d78 100644
--- a/etc/systemd/system-generators/zfs-mount-generator.c
+++ b/etc/systemd/system-generators/zfs-mount-generator.c
@@ -224,9 +224,10 @@ line_worker(char *line, const char *cachefile)
 	const char *p_systemd_ignore            = strtok_r(NULL, "\t", &toktmp) ?: "-";
 	/* END CSTYLED */
 
-	const char *pool = dataset;
-	if ((toktmp = strchr(pool, '/')) != NULL)
-		pool = strndupa(pool, toktmp - pool);
+	size_t pool_len = strlen(dataset);
+	if ((toktmp = strchr(dataset, '/')) != NULL)
+		pool_len = toktmp - dataset;
+	const char *pool = *(tofree++) = strndup(dataset, pool_len);
 
 	if (p_nbmand == NULL) {
 		fprintf(stderr, PROGNAME "[%d]: %s: not enough tokens!\n",
@@ -734,7 +735,7 @@ end:
 	if (tofree >= tofree_all + nitems(tofree_all)) {
 		/*
 		 * This won't happen as-is:
-		 * we've got 8 slots and allocate 4 things at most.
+		 * we've got 8 slots and allocate 5 things at most.
 		 */
 		fprintf(stderr,
 		    PROGNAME "[%d]: %s: need to free %zu > %zu!\n",