Give strlcat() full buffer lengths rather than smaller buffer lengths

strlcat() is supposed to be given the length of the destination buffer,
including the existing contents. Unfortunately, I had been overzealous
when I wrote a51288aabb, since I gave it
the length of the destination buffer, minus the existing contents. This
likely caused a regression on large strings.

On the topic of being overzealous, the use of strlcat() in
dmu_send_estimate_fast() was unnecessary because recv_clone_name is a
fixed length string. We continue using strlcat() mostly as defensive
programming, in case the string length is ever changed, even though it
is unnecessary.

Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14476
This commit is contained in:
Richard Yao 2023-02-14 14:03:42 -05:00 committed by GitHub
parent cfd57573ff
commit ab672133a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 5 deletions

View File

@ -97,7 +97,7 @@ nfs_init_tmpfile(const char *prefix, const char *mdir, struct tmpfile *tmpf)
} }
strlcpy(tmpf->name, prefix, sizeof (tmpf->name)); strlcpy(tmpf->name, prefix, sizeof (tmpf->name));
strlcat(tmpf->name, ".XXXXXXXX", sizeof (tmpf->name) - strlen(prefix)); strlcat(tmpf->name, ".XXXXXXXX", sizeof (tmpf->name));
int fd = mkostemp(tmpf->name, O_CLOEXEC); int fd = mkostemp(tmpf->name, O_CLOEXEC);
if (fd == -1) { if (fd == -1) {

View File

@ -4590,7 +4590,7 @@ zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap,
B_FALSE, destsnap) == 0) { B_FALSE, destsnap) == 0) {
*strchr(destsnap, '@') = '\0'; *strchr(destsnap, '@') = '\0';
(void) strlcat(destsnap, suffix, (void) strlcat(destsnap, suffix,
sizeof (destsnap) - strlen(destsnap)); sizeof (destsnap));
} }
} }
} else { } else {
@ -4626,7 +4626,7 @@ zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap,
B_FALSE, destsnap) == 0) { B_FALSE, destsnap) == 0) {
*strchr(destsnap, '@') = '\0'; *strchr(destsnap, '@') = '\0';
(void) strlcat(destsnap, snap, (void) strlcat(destsnap, snap,
sizeof (destsnap) - strlen(destsnap)); sizeof (destsnap));
} }
} }
} }

View File

@ -3029,8 +3029,7 @@ dmu_send_estimate_fast(dsl_dataset_t *origds, dsl_dataset_t *fromds,
dsl_dataset_name(origds, dsname); dsl_dataset_name(origds, dsname);
(void) strcat(dsname, "/"); (void) strcat(dsname, "/");
(void) strlcat(dsname, recv_clone_name, (void) strlcat(dsname, recv_clone_name, sizeof (dsname));
sizeof (dsname) - strlen(dsname));
err = dsl_dataset_hold(origds->ds_dir->dd_pool, err = dsl_dataset_hold(origds->ds_dir->dd_pool,
dsname, FTAG, &ds); dsname, FTAG, &ds);