6314 buffer overflow in dsl_dataset_name
*** 666,678 ****
--- 666,684 ----
* We use a "recursive" mutex so that we
* can call dprintf_ds() with ds_lock held.
*/
if (!MUTEX_HELD(&ds->ds_lock)) {
mutex_enter(&ds->ds_lock);
+ VERIFY3U(strlen(name) +
+ strlen(ds->ds_snapname) + 1, <=,
+ ZFS_MAXNAMELEN);
(void) strcat(name, ds->ds_snapname);
mutex_exit(&ds->ds_lock);
} else {
+ VERIFY3U(strlen(name) +
+ strlen(ds->ds_snapname) + 1, <=,
+ ZFS_MAXNAMELEN);
(void) strcat(name, ds->ds_snapname);
}
}
}
}
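Review bot: The added VERIFY3U checks in both branches stop the strcat() overflow by panicking, so an over-long combined dataset and snapshot name becomes a system panic instead of memory corruption; if such a name is reachable from a user-controlled path that is still a denial of service, and the length should also be rejected where the name is created or accepted. The bound is only correct if every caller passes a buffer of at least ZFS_MAXNAMELEN bytes, which the hunk does not show; a comment on the function such as `/* name must point to a buffer of at least ZFS_MAXNAMELEN bytes */` would make that contract explicit. The same three-line check is duplicated in the locked and unlocked branches, so a small static helper that does the check and the strcat() would keep the two in step. The function starts above the hunk, so any earlier writes into name are not covered by this note.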