From 00a1a11989a365a7672d99854d1a7fa6f0b36bf0 Mon Sep 17 00:00:00 2001 From: Chunwei Chen <tuxoko@gmail.com> Date: Sat, 11 Feb 2017 12:42:17 -0800 Subject: [PATCH] Fix off by one in zpl_lookup Doing the following command would return success with zfs creating an orphan object. touch $(for i in $(seq 256); do printf "n"; done) The funny thing is that this will only work once for each directory, because after upgraded to fzap, zfs_lookup would fail properly since it has additional length check. Signed-off-by: Chunwei Chen <david.chen@osnexus.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #5768 --- module/zfs/zpl_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/zfs/zpl_inode.c b/module/zfs/zpl_inode.c index 7aded9df27..1a2e2edffa 100644 --- a/module/zfs/zpl_inode.c +++ b/module/zfs/zpl_inode.c @@ -50,7 +50,7 @@ zpl_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) int zfs_flags = 0; zfs_sb_t *zsb = dentry->d_sb->s_fs_info; - if (dlen(dentry) > ZFS_MAXNAMELEN) + if (dlen(dentry) >= ZAP_MAXNAMELEN) return (ERR_PTR(-ENAMETOOLONG)); crhold(cr);