Bug #6314 ยป 0001-6314-buffer-overflow-in-dsl_dataset_name.patch
usr/src/uts/common/fs/zfs/dsl_dataset.c | ||
---|---|---|
648 | 648 |
*/ |
649 | 649 |
if (!MUTEX_HELD(&ds->ds_lock)) { |
650 | 650 |
mutex_enter(&ds->ds_lock); |
651 |
VERIFY3U(strlen(name) + |
|
652 |
strlen(ds->ds_snapname) + 1, <=, |
|
653 |
ZFS_MAXNAMELEN); |
|
651 | 654 |
(void) strcat(name, ds->ds_snapname); |
652 | 655 |
mutex_exit(&ds->ds_lock); |
653 | 656 |
} else { |
657 |
VERIFY3U(strlen(name) + |
|
658 |
strlen(ds->ds_snapname) + 1, <=, |
|
659 |
ZFS_MAXNAMELEN); |
|
654 | 660 |
(void) strcat(name, ds->ds_snapname); |
655 | 661 |
} |
656 | 662 |
} |
657 |
- |