aboutsummaryrefslogtreecommitdiffstats
path: root/lib/libzfs/libzfs_dataset.c
diff options
context:
space:
mode:
authorLOLi <[email protected]>2017-05-10 00:22:46 +0200
committerBrian Behlendorf <[email protected]>2017-05-09 15:22:46 -0700
commit78d95eaa732f074a6351045e59cd974380ad50ab (patch)
tree18c7454b70fca1dd3b5e255c235785a70c862044 /lib/libzfs/libzfs_dataset.c
parent4e3de24b61b9116f0138d22ec687d0a759b29967 (diff)
Fix NULL pointer dereference in 'zfs create'
A race condition between 'zpool export' and 'zfs create' can crash the latter: this is because we never check libzfs`zpool_open() return value in libzfs`zfs_create(). Reviewed-by: George Melikov <[email protected]> Reviewed-by: Giuseppe Di Natale <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: loli10K <[email protected]> Closes #6096
Diffstat (limited to 'lib/libzfs/libzfs_dataset.c')
-rw-r--r--lib/libzfs/libzfs_dataset.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libzfs/libzfs_dataset.c b/lib/libzfs/libzfs_dataset.c
index 8130e400f..0f18fd690 100644
--- a/lib/libzfs/libzfs_dataset.c
+++ b/lib/libzfs/libzfs_dataset.c
@@ -3370,6 +3370,7 @@ zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
char errbuf[1024];
uint64_t zoned;
enum lzc_dataset_type ost;
+ zpool_handle_t *zpool_handle;
(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
"cannot create '%s'"), path);
@@ -3409,7 +3410,8 @@ zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
if (p != NULL)
*p = '\0';
- zpool_handle_t *zpool_handle = zpool_open(hdl, pool_path);
+ if ((zpool_handle = zpool_open(hdl, pool_path)) == NULL)
+ return (-1);
if (props && (props = zfs_valid_proplist(hdl, type, props,
zoned, NULL, zpool_handle, errbuf)) == 0) {