Diffusion FreeBSD src repository e23ed1b3307f

Fix potential buffer overflow in zpool command
e23ed1b3307f
Actions

Description

Fix potential buffer overflow in zpool command

The ZPOOL_SCRIPTS_PATH environment variable can be passed here. This
allows for arbitrarily long strings to be passed to sprintf(), which can
overflow the buffer.

I missed this in my earlier audit of the codebase. CodeQL's
cpp/unbounded-write check caught this.

Reviewed-by: Damian Szuberski <szuberskidamian@gmail.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14264

Details

Provenance

Richard Yao <richard.yao@alumni.stonybrook.edu>	Authored on Dec 4 2022, 2:43 AM
Tony Hutter <hutter2@llnl.gov>	Committed on Jan 19 2023, 8:50 PM

Parents

rG572114d8465b: FreeBSD: zfs_register_callbacks() must implement error check correctly

Branches

Unknown

Tags

Unknown

Event Timeline

Tony Hutter <hutter2@llnl.gov> committed rGe23ed1b3307f: Fix potential buffer overflow in zpool command (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>).Jan 19 2023, 8:50 PM

Changes (1)

Path

Size

cmd/

zpool/

zpool_main.c

rGe23ed1b3307f

View Options