From 8cb34421e0bf1fea316d16014483d61381a41f57 Mon Sep 17 00:00:00 2001
From: Tim Chase
Date: Wed, 10 Apr 2019 17:38:21 -0500
Subject: [PATCH] Avoid stack overwrite in zfs_setattr_dir()

The bulk[] array index, count, must be reset per-iteration in order to not overwrite the stack.

Reviewed-by: Brian Behlendorf
Reviewed-by: Chris Dunlop
Reviewed-by: Tom Caputi
Signed-off-by: Tim Chase
Closes #8072
Closes #8597
Closes #8601
---
 module/zfs/zfs_vnops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c
index c77101485f..0de75a8912 100644
--- a/module/zfs/zfs_vnops.c
+++ b/module/zfs/zfs_vnops.c
@@ -2710,11 +2710,12 @@ zfs_setattr_dir(znode_t *dzp)
 dmu_tx_t *tx = NULL;
 uint64_t uid, gid;
 sa_bulk_attr_t bulk[4];
- int count = 0;
+ int count;
 int err;
 zap_cursor_init(&zc, os, dzp->z_id);
 while ((err = zap_cursor_retrieve(&zc, &zap)) == 0) {
+ count = 0;
 if (zap.za_integer_length != 8 || zap.za_num_integers != 1) {
 err = ENXIO;
 break;
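Review bot: The added `count = 0;` at the top of the `while` body is the only thing keeping the `bulk[4]` index in range across iterations, yet nothing at that line says so, and `int count;` is now left uninitialized at function scope. I would either declare it in loop scope (`int count = 0;` as the first declaration inside the `while` block) so the per-entry reset is structural, or at least annotate the reset with `/* count indexes bulk[4]; must restart at 0 for every ZAP entry */`. The code that fills `bulk[]` lies outside this hunk, so it cannot be confirmed from here that a single iteration never adds more than four attributes; a debug assertion comparing `count` with the array size just before the bulk update would turn any future regression into an immediate failure instead of a silent stack overwrite. If `count` is read anywhere after the loop (also outside the hunk), it would now be uninitialized when the directory has no entries.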