diff options
author | Tom Caputi <[email protected]> | 2020-01-14 15:25:20 -0500 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2020-01-14 12:25:20 -0800 |
commit | 61152d1069595db08f9b53ee518683382caf313e (patch) | |
tree | 94c02406bced0e296a795506f504361aab935529 /lib/libuutil/uu_pname.c | |
parent | f744f36ce583ed27dcfcda93ecd0af1df994a891 (diff) |
Fix errata #4 handling for resuming streams
Currently, the handling for errata #4 has two issues which allow
the checks for this issue to be bypassed using resumable sends.
The first issue is that drc->drc_fromsnapobj is not set in the
resuming code as it is in the non-resuming code. This causes
dsl_crypto_recv_key_check() to skip its checks for the
from_ivset_guid. The second issue is that resumable sends do not
clean up their on-disk state if they fail the checks in
dmu_recv_stream() that happen before any data is received.
As a result of these two bugs, a user can attempt a resumable send
of a dataset without a from_ivset_guid. This will fail the initial
dmu_recv_stream() checks, leaving a valid resume state. The send
can then be resumed, which skips those checks, allowing the receive
to be completed.
This commit fixes these issues by setting drc->drc_fromsnapobj in
the resuming receive path and by ensuring that resumablereceives
are properly cleaned up if they fail the initial dmu_recv_stream()
checks.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #9818
Closes #9829
Diffstat (limited to 'lib/libuutil/uu_pname.c')
0 files changed, 0 insertions, 0 deletions