d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix zfs_allow_log_destroy() NULL dereference

Browse Source 
In zfs_ioc_log_history() function the tsd_set() function is called
with NULL which causes the zfs_allow_log_destroy() to be run.  In
this case the passed value will be NULL.  This is normally entirely
safe because strfree() maps directly to kfree() which may be passed
a NULL.  However, since alternate implementations of strfree() may
not handle this gracefully add a check for NULL.

Observed under an embedded Linux 2.6.32.41 kernel running the
automated testing while running the ZFS Test Suite.

Signed-off-by: caoxuewen <cao.xuewen@zte.com.cn>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #4872
This commit is contained in:
heary-cao 2016-07-27 14:58:17 +08:00 committed by Brian Behlendorf
parent 3b86aeb295
commit 9f3d1407dc
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
module/zfs/zfs_ioctl.c
View File

@ -3345,6 +3345,8 @@ zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
* we clear the TSD here. * we clear the TSD here.
*/ */
poolname = tsd_get(zfs_allow_log_key); poolname = tsd_get(zfs_allow_log_key);
if (poolname == NULL)
return (SET_ERROR(EINVAL));
(void) tsd_set(zfs_allow_log_key, NULL); (void) tsd_set(zfs_allow_log_key, NULL);
error = spa_open(poolname, &spa, FTAG); error = spa_open(poolname, &spa, FTAG);
strfree(poolname); strfree(poolname);
@ -6297,6 +6299,8 @@ static void
zfs_allow_log_destroy(void *arg) zfs_allow_log_destroy(void *arg)
{ {
char *poolname = arg; char *poolname = arg;
if (poolname != NULL)
strfree(poolname); strfree(poolname);
} }