diff options
author | Richard Yao <richard.yao@alumni.stonybrook.edu> | 2022-12-14 01:31:47 +0000 |
---|---|---|
committer | Tony Hutter <hutter2@llnl.gov> | 2023-01-19 20:50:36 +0000 |
commit | a2aabac123a9ba17a12bd22af6b5316809e6a053 (patch) | |
tree | 82ad5959d8929f59dc518aae19fc7f4fffa4403f | |
parent | 3207803abf6a9131c4ae99a0fb4a906c40d86401 (diff) | |
download | src-a2aabac123a9ba17a12bd22af6b5316809e6a053.tar.gz src-a2aabac123a9ba17a12bd22af6b5316809e6a053.zip |
Zero end of embedded block buffer in dump_write_embedded()
This fixes a kernel stack leak.
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Tested-by: Nicholas Sherlock <n.sherlock@gmail.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13778
Closes #14255
-rw-r--r-- | module/zfs/dmu_send.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/module/zfs/dmu_send.c b/module/zfs/dmu_send.c index 0715a8c3022c..7d895aab76ff 100644 --- a/module/zfs/dmu_send.c +++ b/module/zfs/dmu_send.c @@ -584,7 +584,13 @@ dump_write_embedded(dmu_send_cookie_t *dscp, uint64_t object, uint64_t offset, decode_embedded_bp_compressed(bp, buf); - if (dump_record(dscp, buf, P2ROUNDUP(drrw->drr_psize, 8)) != 0) + uint32_t psize = drrw->drr_psize; + uint32_t rsize = P2ROUNDUP(psize, 8); + + if (psize != rsize) + memset(buf + psize, 0, rsize - psize); + + if (dump_record(dscp, buf, rsize) != 0) return (SET_ERROR(EINTR)); return (0); } |