diff options
author | Igor Kozhukhov <ikozhukhov@gmail.com> | 2016-06-15 14:28:36 -0700 |
---|---|---|
committer | Brian Behlendorf <behlendorf1@llnl.gov> | 2016-06-28 13:47:03 -0700 |
commit | eca7b76001a7d33f78bd98884aef8325bdbf98e7 (patch) | |
tree | bdcd0489c5a6c7840258c4c6063c9a4903bec256 /cmd | |
parent | 43e52eddb13d8accbd052fac9a242ce979531aa4 (diff) |
OpenZFS 6314 - buffer overflow in dsl_dataset_name
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Ported-by: Brian Behlendorf <behlendorf1@llnl.gov>
OpenZFS-issue: https://www.illumos.org/issues/6314
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/d6160ee
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/zdb/zdb.c | 5 | ||||
-rw-r--r-- | cmd/zfs/zfs_main.c | 30 | ||||
-rw-r--r-- | cmd/zhack/zhack.c | 1 | ||||
-rw-r--r-- | cmd/ztest/ztest.c | 118 | ||||
-rw-r--r-- | cmd/zvol_id/zvol_id_main.c | 14 |
5 files changed, 83 insertions, 85 deletions
diff --git a/cmd/zdb/zdb.c b/cmd/zdb/zdb.c index ee5e21f10..967d74216 100644 --- a/cmd/zdb/zdb.c +++ b/cmd/zdb/zdb.c @@ -60,7 +60,6 @@ #include <sys/ddt.h> #include <sys/zfeature.h> #include <zfs_comutil.h> -#undef ZFS_MAXNAMELEN #include <libzfs.h> #define ZDB_COMPRESS_NAME(idx) ((idx) < ZIO_COMPRESS_FUNCTIONS ? \ @@ -2005,7 +2004,7 @@ dump_dir(objset_t *os) uint64_t refdbytes, usedobjs, scratch; char numbuf[32]; char blkbuf[BP_SPRINTF_LEN + 20]; - char osname[MAXNAMELEN]; + char osname[ZFS_MAX_DATASET_NAME_LEN]; char *type = "UNKNOWN"; int verbosity = dump_opt['d']; int print_header = 1; @@ -3553,7 +3552,7 @@ find_zpool(char **target, nvlist_t **configp, int dirc, char **dirv) nvlist_t *match = NULL; char *name = NULL; char *sepp = NULL; - char sep = 0; + char sep = '\0'; int count = 0; importargs_t args = { 0 }; diff --git a/cmd/zfs/zfs_main.c b/cmd/zfs/zfs_main.c index 3d20973a2..e8a4421cc 100644 --- a/cmd/zfs/zfs_main.c +++ b/cmd/zfs/zfs_main.c @@ -1483,7 +1483,7 @@ get_callback(zfs_handle_t *zhp, void *data) char buf[ZFS_MAXPROPLEN]; char rbuf[ZFS_MAXPROPLEN]; zprop_source_t sourcetype; - char source[ZFS_MAXNAMELEN]; + char source[ZFS_MAX_DATASET_NAME_LEN]; zprop_get_cbdata_t *cbp = data; nvlist_t *user_props = zfs_get_user_props(zhp); zprop_list_t *pl = cbp->cb_proplist; @@ -1963,7 +1963,7 @@ typedef struct upgrade_cbdata { uint64_t cb_version; boolean_t cb_newer; boolean_t cb_foundone; - char cb_lastfs[ZFS_MAXNAMELEN]; + char cb_lastfs[ZFS_MAX_DATASET_NAME_LEN]; } upgrade_cbdata_t; static int @@ -2412,7 +2412,7 @@ userspace_cb(void *arg, const char *domain, uid_t rid, uint64_t space) if (domain != NULL && domain[0] != '\0') { #ifdef HAVE_IDMAP /* SMB */ - char sid[ZFS_MAXNAMELEN + 32]; + char sid[MAXNAMELEN + 32]; uid_t id; uint64_t classes; int err; @@ -2546,7 +2546,7 @@ print_us_node(boolean_t scripted, boolean_t parsable, int *fields, int types, size_t *width, us_node_t *node) { nvlist_t *nvl = node->usn_nvl; - char valstr[ZFS_MAXNAMELEN]; + char valstr[MAXNAMELEN]; boolean_t first = B_TRUE; int cfield = 0; int field; @@ -3417,7 +3417,7 @@ zfs_do_rollback(int argc, char **argv) boolean_t force = B_FALSE; rollback_cbdata_t cb = { 0 }; zfs_handle_t *zhp, *snap; - char parentname[ZFS_MAXNAMELEN]; + char parentname[ZFS_MAX_DATASET_NAME_LEN]; char *delim; /* check options */ @@ -3818,7 +3818,7 @@ zfs_do_send(int argc, char **argv) */ if (strchr(argv[0], '@') == NULL || (fromname && strchr(fromname, '#') != NULL)) { - char frombuf[ZFS_MAXNAMELEN]; + char frombuf[ZFS_MAX_DATASET_NAME_LEN]; enum lzc_send_flags lzc_flags = 0; if (flags.replicate || flags.doall || flags.props || @@ -3870,7 +3870,7 @@ zfs_do_send(int argc, char **argv) * case if they specify the origin. */ if (fromname && (cp = strchr(fromname, '@')) != NULL) { - char origin[ZFS_MAXNAMELEN]; + char origin[ZFS_MAX_DATASET_NAME_LEN]; zprop_source_t src; (void) zfs_prop_get(zhp, ZFS_PROP_ORIGIN, @@ -4004,7 +4004,7 @@ zfs_do_receive(int argc, char **argv) usage(B_FALSE); } - char namebuf[ZFS_MAXNAMELEN]; + char namebuf[ZFS_MAX_DATASET_NAME_LEN]; (void) snprintf(namebuf, sizeof (namebuf), "%s/%%recv", argv[0]); @@ -4860,7 +4860,7 @@ store_allow_perm(zfs_deleg_who_type_t type, boolean_t local, boolean_t descend, { int i; char ld[2] = { '\0', '\0' }; - char who_buf[ZFS_MAXNAMELEN+32]; + char who_buf[MAXNAMELEN + 32]; char base_type = ZFS_DELEG_WHO_UNKNOWN; char set_type = ZFS_DELEG_WHO_UNKNOWN; nvlist_t *base_nvl = NULL; @@ -5224,7 +5224,7 @@ static void print_fs_perms(fs_perm_set_t *fspset) { fs_perm_node_t *node = NULL; - char buf[ZFS_MAXNAMELEN+32]; + char buf[MAXNAMELEN + 32]; const char *dsname = buf; for (node = uu_list_first(fspset->fsps_list); node != NULL; @@ -5233,7 +5233,7 @@ print_fs_perms(fs_perm_set_t *fspset) uu_avl_t *uge_avl = node->fspn_fsperm.fsp_uge_avl; int left = 0; - (void) snprintf(buf, ZFS_MAXNAMELEN+32, + (void) snprintf(buf, sizeof (buf), gettext("---- Permissions on %s "), node->fspn_fsperm.fsp_name); (void) printf("%s", dsname); @@ -5430,7 +5430,7 @@ zfs_do_hold_rele_impl(int argc, char **argv, boolean_t holding) for (i = 0; i < argc; ++i) { zfs_handle_t *zhp; - char parent[ZFS_MAXNAMELEN]; + char parent[ZFS_MAX_DATASET_NAME_LEN]; const char *delim; char *path = argv[i]; @@ -5558,7 +5558,7 @@ holds_callback(zfs_handle_t *zhp, void *data) nvlist_t *nvl = NULL; nvpair_t *nvp = NULL; const char *zname = zfs_get_name(zhp); - size_t znamelen = strnlen(zname, ZFS_MAXNAMELEN); + size_t znamelen = strlen(zname); if (cbp->cb_recursive) { const char *snapname; @@ -5579,7 +5579,7 @@ holds_callback(zfs_handle_t *zhp, void *data) while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) { const char *tag = nvpair_name(nvp); - size_t taglen = strnlen(tag, MAXNAMELEN); + size_t taglen = strlen(tag); if (taglen > cbp->cb_max_taglen) cbp->cb_max_taglen = taglen; } @@ -6695,7 +6695,7 @@ zfs_do_diff(int argc, char **argv) static int zfs_do_bookmark(int argc, char **argv) { - char snapname[ZFS_MAXNAMELEN]; + char snapname[ZFS_MAX_DATASET_NAME_LEN]; zfs_handle_t *zhp; nvlist_t *nvl; int ret = 0; diff --git a/cmd/zhack/zhack.c b/cmd/zhack/zhack.c index eedd17c30..cc4f174c6 100644 --- a/cmd/zhack/zhack.c +++ b/cmd/zhack/zhack.c @@ -48,7 +48,6 @@ #include <sys/zio_compress.h> #include <sys/zfeature.h> #include <sys/dmu_tx.h> -#undef ZFS_MAXNAMELEN #include <libzfs.h> extern boolean_t zfeature_checks_disable; diff --git a/cmd/ztest/ztest.c b/cmd/ztest/ztest.c index ad15dea1d..2cc410f10 100644 --- a/cmd/ztest/ztest.c +++ b/cmd/ztest/ztest.c @@ -145,8 +145,8 @@ typedef struct ztest_shared_hdr { static ztest_shared_hdr_t *ztest_shared_hdr; typedef struct ztest_shared_opts { - char zo_pool[MAXNAMELEN]; - char zo_dir[MAXNAMELEN]; + char zo_pool[ZFS_MAX_DATASET_NAME_LEN]; + char zo_dir[ZFS_MAX_DATASET_NAME_LEN]; char zo_alt_ztest[MAXNAMELEN]; char zo_alt_libpath[MAXNAMELEN]; uint64_t zo_vdevs; @@ -262,7 +262,7 @@ typedef struct ztest_od { uint64_t od_crdnodesize; uint64_t od_gen; uint64_t od_crgen; - char od_name[MAXNAMELEN]; + char od_name[ZFS_MAX_DATASET_NAME_LEN]; } ztest_od_t; /* @@ -274,7 +274,7 @@ typedef struct ztest_ds { rwlock_t zd_zilog_lock; zilog_t *zd_zilog; ztest_od_t *zd_od; /* debugging aid */ - char zd_name[MAXNAMELEN]; + char zd_name[ZFS_MAX_DATASET_NAME_LEN]; kmutex_t zd_dirobj_lock; rll_t zd_object_lock[ZTEST_OBJECT_LOCKS]; zll_t zd_range_lock[ZTEST_RANGE_LOCKS]; @@ -3504,7 +3504,7 @@ ztest_objset_destroy_cb(const char *name, void *arg) static boolean_t ztest_snapshot_create(char *osname, uint64_t id) { - char snapname[MAXNAMELEN]; + char snapname[ZFS_MAX_DATASET_NAME_LEN]; int error; (void) snprintf(snapname, sizeof (snapname), "%llu", (u_longlong_t)id); @@ -3524,10 +3524,10 @@ ztest_snapshot_create(char *osname, uint64_t id) static boolean_t ztest_snapshot_destroy(char *osname, uint64_t id) { - char snapname[MAXNAMELEN]; + char snapname[ZFS_MAX_DATASET_NAME_LEN]; int error; - (void) snprintf(snapname, MAXNAMELEN, "%s@%llu", osname, + (void) snprintf(snapname, sizeof (snapname), "%s@%llu", osname, (u_longlong_t)id); error = dsl_destroy_snapshot(snapname, B_FALSE); @@ -3544,16 +3544,15 @@ ztest_dmu_objset_create_destroy(ztest_ds_t *zd, uint64_t id) int iters; int error; objset_t *os, *os2; - char *name; + char name[ZFS_MAX_DATASET_NAME_LEN]; zilog_t *zilog; int i; zdtmp = umem_alloc(sizeof (ztest_ds_t), UMEM_NOFAIL); - name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); (void) rw_rdlock(&ztest_name_lock); - (void) snprintf(name, MAXNAMELEN, "%s/temp_%llu", + (void) snprintf(name, sizeof (name), "%s/temp_%llu", ztest_opts.zo_pool, (u_longlong_t)id); /* @@ -3639,7 +3638,6 @@ ztest_dmu_objset_create_destroy(ztest_ds_t *zd, uint64_t id) out: (void) rw_unlock(&ztest_name_lock); - umem_free(name, MAXNAMELEN); umem_free(zdtmp, sizeof (ztest_ds_t)); } @@ -3668,22 +3666,22 @@ ztest_dsl_dataset_cleanup(char *osname, uint64_t id) char *snap3name; int error; - snap1name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - clone1name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - snap2name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - clone2name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - snap3name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - - (void) snprintf(snap1name, MAXNAMELEN, "%s@s1_%llu", - osname, (u_longlong_t)id); - (void) snprintf(clone1name, MAXNAMELEN, "%s/c1_%llu", - osname, (u_longlong_t)id); - (void) snprintf(snap2name, MAXNAMELEN, "%s@s2_%llu", - clone1name, (u_longlong_t)id); - (void) snprintf(clone2name, MAXNAMELEN, "%s/c2_%llu", - osname, (u_longlong_t)id); - (void) snprintf(snap3name, MAXNAMELEN, "%s@s3_%llu", - clone1name, (u_longlong_t)id); + snap1name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + clone1name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + snap2name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + clone2name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + snap3name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + + (void) snprintf(snap1name, ZFS_MAX_DATASET_NAME_LEN, + "%s@s1_%llu", osname, (u_longlong_t)id); + (void) snprintf(clone1name, ZFS_MAX_DATASET_NAME_LEN, + "%s/c1_%llu", osname, (u_longlong_t)id); + (void) snprintf(snap2name, ZFS_MAX_DATASET_NAME_LEN, + "%s@s2_%llu", clone1name, (u_longlong_t)id); + (void) snprintf(clone2name, ZFS_MAX_DATASET_NAME_LEN, + "%s/c2_%llu", osname, (u_longlong_t)id); + (void) snprintf(snap3name, ZFS_MAX_DATASET_NAME_LEN, + "%s@s3_%llu", clone1name, (u_longlong_t)id); error = dsl_destroy_head(clone2name); if (error && error != ENOENT) @@ -3701,11 +3699,11 @@ ztest_dsl_dataset_cleanup(char *osname, uint64_t id) if (error && error != ENOENT) fatal(0, "dsl_destroy_snapshot(%s) = %d", snap1name, error); - umem_free(snap1name, MAXNAMELEN); - umem_free(clone1name, MAXNAMELEN); - umem_free(snap2name, MAXNAMELEN); - umem_free(clone2name, MAXNAMELEN); - umem_free(snap3name, MAXNAMELEN); + umem_free(snap1name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(clone1name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(snap2name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(clone2name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(snap3name, ZFS_MAX_DATASET_NAME_LEN); } /* @@ -3723,26 +3721,26 @@ ztest_dsl_dataset_promote_busy(ztest_ds_t *zd, uint64_t id) char *osname = zd->zd_name; int error; - snap1name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - clone1name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - snap2name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - clone2name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); - snap3name = umem_alloc(MAXNAMELEN, UMEM_NOFAIL); + snap1name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + clone1name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + snap2name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + clone2name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); + snap3name = umem_alloc(ZFS_MAX_DATASET_NAME_LEN, UMEM_NOFAIL); (void) rw_rdlock(&ztest_name_lock); ztest_dsl_dataset_cleanup(osname, id); - (void) snprintf(snap1name, MAXNAMELEN, "%s@s1_%llu", - osname, (u_longlong_t)id); - (void) snprintf(clone1name, MAXNAMELEN, "%s/c1_%llu", - osname, (u_longlong_t)id); - (void) snprintf(snap2name, MAXNAMELEN, "%s@s2_%llu", - clone1name, (u_longlong_t)id); - (void) snprintf(clone2name, MAXNAMELEN, "%s/c2_%llu", - osname, (u_longlong_t)id); - (void) snprintf(snap3name, MAXNAMELEN, "%s@s3_%llu", - clone1name, (u_longlong_t)id); + (void) snprintf(snap1name, ZFS_MAX_DATASET_NAME_LEN, + "%s@s1_%llu", osname, (u_longlong_t)id); + (void) snprintf(clone1name, ZFS_MAX_DATASET_NAME_LEN, + "%s/c1_%llu", osname, (u_longlong_t)id); + (void) snprintf(snap2name, ZFS_MAX_DATASET_NAME_LEN, + "%s@s2_%llu", clone1name, (u_longlong_t)id); + (void) snprintf(clone2name, ZFS_MAX_DATASET_NAME_LEN, + "%s/c2_%llu", osname, (u_longlong_t)id); + (void) snprintf(snap3name, ZFS_MAX_DATASET_NAME_LEN, + "%s@s3_%llu", clone1name, (u_longlong_t)id); error = dmu_objset_snapshot_one(osname, strchr(snap1name, '@') + 1); if (error && error != EEXIST) { @@ -3808,11 +3806,11 @@ out: (void) rw_unlock(&ztest_name_lock); - umem_free(snap1name, MAXNAMELEN); - umem_free(clone1name, MAXNAMELEN); - umem_free(snap2name, MAXNAMELEN); - umem_free(clone2name, MAXNAMELEN); - umem_free(snap3name, MAXNAMELEN); + umem_free(snap1name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(clone1name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(snap2name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(clone2name, ZFS_MAX_DATASET_NAME_LEN); + umem_free(snap3name, ZFS_MAX_DATASET_NAME_LEN); } #undef OD_ARRAY_SIZE @@ -4622,7 +4620,7 @@ ztest_fzap(ztest_ds_t *zd, uint64_t id) * 2050 entries we should see ptrtbl growth and leaf-block split. */ for (i = 0; i < 2050; i++) { - char name[MAXNAMELEN]; + char name[ZFS_MAX_DATASET_NAME_LEN]; uint64_t value = i; dmu_tx_t *tx; int error; @@ -5077,7 +5075,7 @@ ztest_dmu_snapshot_hold(ztest_ds_t *zd, uint64_t id) char fullname[100]; char clonename[100]; char tag[100]; - char osname[MAXNAMELEN]; + char osname[ZFS_MAX_DATASET_NAME_LEN]; nvlist_t *holds; (void) rw_rdlock(&ztest_name_lock); @@ -5964,13 +5962,13 @@ ztest_thread(void *arg) static void ztest_dataset_name(char *dsname, char *pool, int d) { - (void) snprintf(dsname, MAXNAMELEN, "%s/ds_%d", pool, d); + (void) snprintf(dsname, ZFS_MAX_DATASET_NAME_LEN, "%s/ds_%d", pool, d); } static void ztest_dataset_destroy(int d) { - char name[MAXNAMELEN]; + char name[ZFS_MAX_DATASET_NAME_LEN]; int t; ztest_dataset_name(name, ztest_opts.zo_pool, d); @@ -6019,7 +6017,7 @@ ztest_dataset_open(int d) uint64_t committed_seq = ZTEST_GET_SHARED_DS(d)->zd_seq; objset_t *os; zilog_t *zilog; - char name[MAXNAMELEN]; + char name[ZFS_MAX_DATASET_NAME_LEN]; int error; ztest_dataset_name(name, ztest_opts.zo_pool, d); @@ -6256,8 +6254,8 @@ ztest_run(ztest_shared_t *zs) * different name. */ if (ztest_random(2) == 0) { - char name[MAXNAMELEN]; - (void) snprintf(name, MAXNAMELEN, "%s_import", + char name[ZFS_MAX_DATASET_NAME_LEN]; + (void) snprintf(name, sizeof (name), "%s_import", ztest_opts.zo_pool); ztest_spa_import_export(ztest_opts.zo_pool, name); ztest_spa_import_export(name, ztest_opts.zo_pool); @@ -6834,7 +6832,7 @@ main(int argc, char **argv) if (spa_open(ztest_opts.zo_pool, &spa, FTAG) == 0) { spa_close(spa, FTAG); } else { - char tmpname[MAXNAMELEN]; + char tmpname[ZFS_MAX_DATASET_NAME_LEN]; kernel_fini(); kernel_init(FREAD | FWRITE); (void) snprintf(tmpname, sizeof (tmpname), "%s_tmp", diff --git a/cmd/zvol_id/zvol_id_main.c b/cmd/zvol_id/zvol_id_main.c index 8f0504ae9..6bd5113f1 100644 --- a/cmd/zvol_id/zvol_id_main.c +++ b/cmd/zvol_id/zvol_id_main.c @@ -39,14 +39,14 @@ static int ioctl_get_msg(char *var, int fd) { int error = 0; - char msg[ZFS_MAXNAMELEN]; + char msg[ZFS_MAX_DATASET_NAME_LEN]; error = ioctl(fd, BLKZNAME, msg); if (error < 0) { return (error); } - snprintf(var, ZFS_MAXNAMELEN, "%s", msg); + snprintf(var, ZFS_MAX_DATASET_NAME_LEN, "%s", msg); return (error); } @@ -54,7 +54,8 @@ int main(int argc, char **argv) { int fd, error = 0; - char zvol_name[ZFS_MAXNAMELEN], zvol_name_part[ZFS_MAXNAMELEN]; + char zvol_name[ZFS_MAX_DATASET_NAME_LEN]; + char zvol_name_part[ZFS_MAX_DATASET_NAME_LEN]; char *dev_name; struct stat64 statbuf; int dev_minor, dev_part; @@ -87,10 +88,11 @@ main(int argc, char **argv) return (errno); } if (dev_part > 0) - snprintf(zvol_name_part, ZFS_MAXNAMELEN, "%s-part%d", zvol_name, - dev_part); + snprintf(zvol_name_part, ZFS_MAX_DATASET_NAME_LEN, + "%s-part%d", zvol_name, dev_part); else - snprintf(zvol_name_part, ZFS_MAXNAMELEN, "%s", zvol_name); + snprintf(zvol_name_part, ZFS_MAX_DATASET_NAME_LEN, + "%s", zvol_name); for (i = 0; i < strlen(zvol_name_part); i++) { if (isblank(zvol_name_part[i])) |