OpenZFS 6314 - buffer overflow in dsl_dataset_name

Reviewed by: George Wilson <[email protected]>
Reviewed by: Prakash Surya <[email protected]>
Reviewed by: Igor Kozhukhov <[email protected]>
Approved by: Dan McDonald <[email protected]>
Ported-by: Brian Behlendorf <[email protected]>

OpenZFS-issue: https://www.illumos.org/issues/6314
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/d6160ee

1 files changed, 4 insertions, 42 deletions

diff --git a/module/zcommon/zfs_namecheck.c b/module/zcommon/zfs_namecheck.c
index ff724be58..b58071bed 100644
--- a/module/zcommon/zfs_namecheck.c
+++ b/module/zcommon/zfs_namecheck.c
@@ -69,7 +69,7 @@ zfs_component_namecheck(const char *path, namecheck_err_t *why, char *what)
 {
 	const char *loc;
 
-	if (strlen(path) >= MAXNAMELEN) {
+	if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) {
 		if (why)
 			*why = NAME_ERR_TOOLONG;
 		return (-1);
@@ -140,27 +140,8 @@ dataset_namecheck(const char *path, namecheck_err_t *why, char *what)
 
 	/*
 	 * Make sure the name is not too long.
-	 *
-	 * ZFS_MAXNAMELEN is the maximum dataset length used in the userland
-	 * which is the same as MAXNAMELEN used in the kernel.
-	 * If ZFS_MAXNAMELEN value is changed, make sure to cleanup all
-	 * places using MAXNAMELEN.
-	 *
-	 * When HAVE_KOBJ_NAME_LEN is defined the maximum safe kobject name
-	 * length is 20 bytes.  This 20 bytes is broken down as follows to
-	 * provide a maximum safe <pool>/<dataset>[@snapshot] length of only
-	 * 18 bytes.  To ensure bytes are left for <dataset>[@snapshot] the
-	 * <pool> portition is futher limited to 9 bytes.  For 2.6.27 and
-	 * newer kernels this limit is set to MAXNAMELEN.
-	 *
-	 *   <pool>/<dataset> + <partition> + <newline>
-	 *   (18)             + (1)         + (1)
 	 */
-#ifdef HAVE_KOBJ_NAME_LEN
-	if (strlen(path) > 18) {
-#else
-	if (strlen(path) >= MAXNAMELEN) {
-#endif /* HAVE_KOBJ_NAME_LEN */
+	if (strlen(path) >= ZFS_MAX_DATASET_NAME_LEN) {
 		if (why)
 			*why = NAME_ERR_TOOLONG;
 		return (-1);
@@ -289,7 +270,7 @@ mountpoint_namecheck(const char *path, namecheck_err_t *why)
 		while (*end != '/' && *end != '\0')
 			end++;
 
-		if (end - start >= MAXNAMELEN) {
+		if (end - start >= ZFS_MAX_DATASET_NAME_LEN) {
 			if (why)
 				*why = NAME_ERR_TOOLONG;
 			return (-1);
@@ -314,27 +295,8 @@ pool_namecheck(const char *pool, namecheck_err_t *why, char *what)
 
 	/*
 	 * Make sure the name is not too long.
-	 *
-	 * ZPOOL_MAXNAMELEN is the maximum pool length used in the userland
-	 * which is the same as MAXNAMELEN used in the kernel.
-	 * If ZPOOL_MAXNAMELEN value is changed, make sure to cleanup all
-	 * places using MAXNAMELEN.
-	 *
-	 * When HAVE_KOBJ_NAME_LEN is defined the maximum safe kobject name
-	 * length is 20 bytes.  This 20 bytes is broken down as follows to
-	 * provide a maximum safe <pool>/<dataset>[@snapshot] length of only
-	 * 18 bytes.  To ensure bytes are left for <dataset>[@snapshot] the
-	 * <pool> portition is futher limited to 8 bytes.  For 2.6.27 and
-	 * newer kernels this limit is set to MAXNAMELEN.
-	 *
-	 *   <pool>/<dataset> + <partition> + <newline>
-	 *   (18)             + (1)         + (1)
 	 */
-#ifdef HAVE_KOBJ_NAME_LEN
-	if (strlen(pool) > 8) {
-#else
-	if (strlen(pool) >= MAXNAMELEN) {
-#endif /* HAVE_KOBJ_NAME_LEN */
+	if (strlen(pool) >= ZFS_MAX_DATASET_NAME_LEN) {
 		if (why)
 			*why = NAME_ERR_TOOLONG;
 		return (-1);