Zero end of embedded block buffer in dump_write_embedded()

This fixes a kernel stack leak. Reviewed-by: Ryan Moeller <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Tested-by: Nicholas Sherlock <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes #13778 Closes #14255
author: Richard Yao <[email protected]> 2022-12-13 20:31:47 -0500
committer: GitHub <[email protected]> 2022-12-13 17:31:47 -0800
commit: f3f5263f8a9b0f8b51051698f68fbd76e181a685 (patch)
tree: fc4d99e4895ddd4b195cdfd37f74353834859ca0 /module
parent: 9be34ec99ec7bb518ad508851b0e60c86bfbbd24 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/module/zfs/dmu_send.c b/module/zfs/dmu_send.c
index 5ce2478e5..bcbc2ba60 100644
--- a/module/zfs/dmu_send.c
+++ b/module/zfs/dmu_send.c
@@ -584,7 +584,13 @@ dump_write_embedded(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset,
 
 	decode_embedded_bp_compressed(bp, buf);
 
-	if (dump_record(dscp, buf, P2ROUNDUP(drrw->drr_psize, 8)) != 0)
+	uint32_t psize = drrw->drr_psize;
+	uint32_t rsize = P2ROUNDUP(psize, 8);
+
+	if (psize != rsize)
+		memset(buf + psize, 0, rsize - psize);
+
+	if (dump_record(dscp, buf, rsize) != 0)
 		return (SET_ERROR(EINTR));
 	return (0);
 }
author	Richard Yao <[email protected]>	2022-12-13 20:31:47 -0500
committer	GitHub <[email protected]>	2022-12-13 17:31:47 -0800
commit	f3f5263f8a9b0f8b51051698f68fbd76e181a685 (patch)
tree	fc4d99e4895ddd4b195cdfd37f74353834859ca0 /module
parent	9be34ec99ec7bb518ad508851b0e60c86bfbbd24 (diff)