
Fix userland dereference NULL return value bugs

Description

Fix userland dereference NULL return value bugs

  • zstream_do_token() does not handle failures from libzfs_init().
  • ztest_global_vars_to_zdb_args() does not handle failures from calloc().
  • zfs_snapshot_nvl() will pass an offset to a NULL pointer as a source to strlcpy() if the provided nvlist is NULL.

We handle these by doing what the existing error handling does for other
errors involving these functions.

Coverity complained about these. It had complained about several more,
but one was fixed by 570ca4441e0583c8dcb5c7179f5eb331d1172784 and
another was a false positive. The remaining complaints labelled
"dereference null return value" involve fetching things stored in
in-kernel data structures via list_head()/list_next(),
AVL_PREV()/AVL_NEXT() and zfs_btree_find(). Most of them occur in
void functions that have no error handling. They are much harder to
analyze than the two fixed in this patch, so they are left for a
follow-up patch.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13971
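
The two failure patterns named in the commit message, shown in hardened form as an added example (not code from this commit): a lookup result used at an offset without a NULL check, and an unchecked calloc(). All names here (struct entry, first_entry, copy_first_name, build_args) are hypothetical, and snprintf() stands in for strlcpy() for portability.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an entry fetched from a list; not a ZFS type. */
struct entry { int kind; char name[32]; };

/* Hypothetical lookup that returns NULL when the list is missing or empty. */
static const struct entry *
first_entry(const struct entry *list, size_t n)
{
	return ((list == NULL || n == 0) ? NULL : &list[0]);
}

/* Copy the first entry's name into dst. Returns 0 on success, -1 on error.
 * The check must be on the entry pointer itself: e->name on a NULL e is
 * NULL + offsetof(struct entry, name), a small non-NULL address that a
 * later "src == NULL" test would not catch. */
static int
copy_first_name(const struct entry *list, size_t n, char *dst, size_t len)
{
	const struct entry *e = first_entry(list, n);
	if (e == NULL || dst == NULL || len == 0)
		return (-1);
	(void) snprintf(dst, len, "%s", e->name); /* truncates, NUL-terminates */
	return (0);
}

/* Build "name=value" strings. Returns NULL with *count == 0 when n is 0 or
 * an allocation fails, so the caller can take its normal error path. */
static char **
build_args(const char *const *names, const char *const *vals, size_t n,
    size_t *count)
{
	char **args;
	*count = 0;
	if (n == 0 || (args = calloc(n, sizeof (char *))) == NULL)
		return (NULL);
	for (size_t i = 0; i < n; i++) {
		size_t sz = strlen(names[i]) + strlen(vals[i]) + 2;
		if ((args[i] = malloc(sz)) == NULL) {
			while (i > 0) free(args[--i]); /* undo partial work */
			free(args);
			return (NULL);
		}
		(void) snprintf(args[i], sz, "%s=%s", names[i], vals[i]);
	}
	*count = n;
	return (args);
}
```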

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu> Authored on Oct 1 2022, 12:02 AM
GitHub <noreply@github.com> Committed on Oct 1 2022, 12:02 AM
Parents
rGa36b37d4de5d: Fix potential NULL pointer dereference in dsl_dataset_promote_check()
Branches
Unknown
Tags
Unknown

Event Timeline

GitHub <noreply@github.com> committed rG67395be0c2bd: Fix userland dereference NULL return value bugs (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>). Oct 1 2022, 12:02 AM