From 1b47c2b7e507fa7cae6d6c8e53c9373c4f7a0ad7 Mon Sep 17 00:00:00 2001
From: Alexander Motin <mav@FreeBSD.org>
Date: Fri, 3 Aug 2018 01:17:14 +0000
Subject: [PATCH] 7261 nvlist code should enforce name length limit

illumos/illumos-gate@48dd5e630c9b1773b7b10d08a3b90b6c9062d713

Reviewed by: Sebastien Roy <sebastien.roy@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Author: Matthew Ahrens <mahrens@delphix.com>
---
 common/nvpair/nvpair.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/common/nvpair/nvpair.c b/common/nvpair/nvpair.c
index cbdf3fe75143..47788eecdb79 100644
--- a/common/nvpair/nvpair.c
+++ b/common/nvpair/nvpair.c
@@ -910,6 +910,8 @@ nvlist_add_common(nvlist_t *nvl, const char *name,
 
 	/* calculate sizes of the nvpair elements and the nvpair itself */
 	name_sz = strlen(name) + 1;
+	if (name_sz >= 1ULL << (sizeof (nvp->nvp_name_sz) * NBBY - 1))
+		return (EINVAL);
 
 	nvp_sz = NVP_SIZE_CALC(name_sz, value_sz);