Fix zfs_allow_log_destroy() NULL dereference
In zfs_ioc_log_history() function the tsd_set() function is called with NULL which causes the zfs_allow_log_destroy() to be run. In this case the passed value will be NULL. This is normally entirely safe because strfree() maps directly to kfree() which may be passed a NULL. However, since alternate implementations of strfree() may not handle this gracefully add a check for NULL. Observed under an embedded Linux 2.6.32.41 kernel running the automated testing while running the ZFS Test Suite. Signed-off-by: caoxuewen <cao.xuewen@zte.com.cn> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #4872
This commit is contained in:
parent
3b86aeb295
commit
9f3d1407dc
|
@ -3345,6 +3345,8 @@ zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl)
|
||||||
* we clear the TSD here.
|
* we clear the TSD here.
|
||||||
*/
|
*/
|
||||||
poolname = tsd_get(zfs_allow_log_key);
|
poolname = tsd_get(zfs_allow_log_key);
|
||||||
|
if (poolname == NULL)
|
||||||
|
return (SET_ERROR(EINVAL));
|
||||||
(void) tsd_set(zfs_allow_log_key, NULL);
|
(void) tsd_set(zfs_allow_log_key, NULL);
|
||||||
error = spa_open(poolname, &spa, FTAG);
|
error = spa_open(poolname, &spa, FTAG);
|
||||||
strfree(poolname);
|
strfree(poolname);
|
||||||
|
@ -6297,7 +6299,9 @@ static void
|
||||||
zfs_allow_log_destroy(void *arg)
|
zfs_allow_log_destroy(void *arg)
|
||||||
{
|
{
|
||||||
char *poolname = arg;
|
char *poolname = arg;
|
||||||
strfree(poolname);
|
|
||||||
|
if (poolname != NULL)
|
||||||
|
strfree(poolname);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
|
|
Loading…
Reference in New Issue