Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

Fix NULL pointer dereference in 'zfs create' 

A race condition between 'zpool export' and 'zfs create' can crash the
latter: this is because we never check libzfs`zpool_open() return
value in libzfs`zfs_create().

Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: loli10K <ezomori.nozomu@gmail.com>
Closes #6096
This commit is contained in:
LOLi 2017-05-10 00:22:46 +02:00 committed by Brian Behlendorf
parent 4e3de24b61
commit 78d95eaa73
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/libzfs/libzfs_dataset.c
View File

@ -3370,6 +3370,7 @@ zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
char errbuf[1024]; char errbuf[1024];
uint64_t zoned; uint64_t zoned;
enum lzc_dataset_type ost; enum lzc_dataset_type ost;
zpool_handle_t *zpool_handle;
(void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN, (void) snprintf(errbuf, sizeof (errbuf), dgettext(TEXT_DOMAIN,
"cannot create '%s'"), path); "cannot create '%s'"), path);
@ -3409,7 +3410,8 @@ zfs_create(libzfs_handle_t *hdl, const char *path, zfs_type_t type,
if (p != NULL) if (p != NULL)
*p = '\0'; *p = '\0';
zpool_handle_t *zpool_handle = zpool_open(hdl, pool_path); if ((zpool_handle = zpool_open(hdl, pool_path)) == NULL)
return (-1);
if (props && (props = zfs_valid_proplist(hdl, type, props, if (props && (props = zfs_valid_proplist(hdl, type, props,
zoned, NULL, zpool_handle, errbuf)) == 0) { zoned, NULL, zpool_handle, errbuf)) == 0) {