Fix zfs_allow_log_destroy() NULL dereference
In zfs_ioc_log_history() function the tsd_set() function is called with NULL which causes the zfs_allow_log_destroy() to be run. In this case the passed value will be NULL. This is normally entirely safe because strfree() maps directly to kfree() which may be passed a NULL. However, since alternate implementations of strfree() may not handle this gracefully add a check for NULL. Observed under an embedded Linux 2.6.32.41 kernel running the automated testing while running the ZFS Test Suite. Signed-off-by: caoxuewen <cao.xuewen@zte.com.cn> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #4872
This commit is contained in:
parent
3b86aeb295
commit
9f3d1407dc
@ -3345,6 +3345,8 @@ zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
|
||||
* we clear the TSD here.
|
||||
*/
|
||||
poolname = tsd_get(zfs_allow_log_key);
|
||||
if (poolname == NULL)
|
||||
return (SET_ERROR(EINVAL));
|
||||
(void) tsd_set(zfs_allow_log_key, NULL);
|
||||
error = spa_open(poolname, &spa, FTAG);
|
||||
strfree(poolname);
|
||||
@ -6297,7 +6299,9 @@ static void
|
||||
zfs_allow_log_destroy(void *arg)
|
||||
{
|
||||
char *poolname = arg;
|
||||
strfree(poolname);
|
||||
|
||||
if (poolname != NULL)
|
||||
strfree(poolname);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
|
Loading…
x
Reference in New Issue
Block a user