Bug #6314 ยป 0001-6314-buffer-overflow-in-dsl_dataset_name.patch
| usr/src/uts/common/fs/zfs/dsl_dataset.c | ||
|---|---|---|
| 648 | 648 |
*/ |
| 649 | 649 |
if (!MUTEX_HELD(&ds->ds_lock)) {
|
| 650 | 650 |
mutex_enter(&ds->ds_lock); |
| 651 |
VERIFY3U(strlen(name) + |
|
| 652 |
strlen(ds->ds_snapname) + 1, <=, |
|
| 653 |
ZFS_MAXNAMELEN); |
|
| 651 | 654 |
(void) strcat(name, ds->ds_snapname); |
| 652 | 655 |
mutex_exit(&ds->ds_lock); |
| 653 | 656 |
} else {
|
| 657 |
VERIFY3U(strlen(name) + |
|
| 658 |
strlen(ds->ds_snapname) + 1, <=, |
|
| 659 |
ZFS_MAXNAMELEN); |
|
| 654 | 660 |
(void) strcat(name, ds->ds_snapname); |
| 655 | 661 |
} |
| 656 | 662 |
} |
| 657 |
- |
|