aboutsummaryrefslogtreecommitdiffstats
path: root/include/sys/zio_checksum.h
diff options
context:
space:
mode:
authorNed Bass <[email protected]>2015-12-29 18:41:22 -0800
committerBrian Behlendorf <[email protected]>2015-12-30 13:20:12 -0800
commit43b4935e5358806de18461f3ee92e07c67071eb5 (patch)
treea9e96aadde616d25cf0e9868ee5778f19efd5899 /include/sys/zio_checksum.h
parent23de906c72946da56a54f75238693e186d44d6e2 (diff)
Prevent SA length overflow
The function sa_update() accepts a 32-bit length parameter and assigns it to a 16-bit field in sa_bulk_attr_t, potentially truncating the passed-in value. This could lead to corrupt system attribute (SA) records getting written to the pool. Add a VERIFY to sa_update() to detect cases where overflow would occur. The SA length is limited to 16-bit values by the on-disk format defined by sa_hdr_phys_t. The function zfs_sa_set_xattr() is vulnerable to this bug if the unpacked nvlist of xattrs is less than 64k in size but the packed size is greater than 64k. Fix this by appropriately checking the size of the packed nvlist before calling sa_update(). Add error handling to zpl_xattr_set_sa() to keep the cached list of SA-based xattrs consistent with the data on disk. Lastly, zfs_sa_set_xattr() calls dmu_tx_abort() on an assigned transaction if sa_update() returns an error, but the DMU only allows unassigned transactions to be aborted. Wrap the sa_update() call in a VERIFY0, remove the transaction abort, and call dmu_tx_commit() unconditionally. This is consistent practice with other callers of sa_update(). Signed-off-by: Ned Bass <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes #4150
Diffstat (limited to 'include/sys/zio_checksum.h')
0 files changed, 0 insertions, 0 deletions