6314 buffer overflow in dsl_dataset_name

Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>

Closes #112

usr/src/cmd/beadm/beadm.c

@@ -21,12 +21,10 @@
 
 /*
  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
- */
-
-/*
  * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
  * Copyright 2015 Toomas Soome <tsoome@me.com>
  * Copyright 2015 Gary Mills
+ * Copyright (c) 2015 by Delphix. All rights reserved.
  */
 
 /*
@@ -288,7 +286,7 @@ count_widths(enum be_fmt be_fmt, struct hdr_info *hdr, be_node_list_t *be_nodes)
 		len[i] = hdr->cols[i].width;
 
 	for (cur_be = be_nodes; cur_be != NULL; cur_be = cur_be->be_next_node) {
-		char name[ZFS_MAXNAMELEN+1];
+		char name[ZFS_MAX_DATASET_NAME_LEN + 1];
 		const char *be_name = cur_be->be_node_name;
 		const char *root_ds = cur_be->be_root_ds;
 		char *pos;
@@ -432,7 +430,7 @@ print_be_snapshots(be_node_list_t *be, struct hdr_info *hdr, boolean_t parsable)
 
 	for (snap = be->be_node_snapshots; snap != NULL;
 	    snap = snap->be_next_snapshot) {
-		char name[ZFS_MAXNAMELEN+1];
+		char name[ZFS_MAX_DATASET_NAME_LEN + 1];
 		const char *datetime_fmt = "%F %R";
 		const char *be_name = be->be_node_name;
 		const char *root_ds = be->be_root_ds;

usr/src/cmd/boot/bootadm/bootadm.c

@@ -20,11 +20,12 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2012 Milan Jurik. All rights reserved.
  */
 
 /*
+ * Copyright 2012 Milan Jurik. All rights reserved.
  * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
+ * Copyright (c) 2015 by Delphix. All rights reserved.
  */
 
 /*
@@ -3228,7 +3229,7 @@ is_be(char *root)
 	be_node_list_t	*be_nodes = NULL;
 	be_node_list_t	*cur_be;
 	boolean_t	be_exist = B_FALSE;
-	char		ds_path[ZFS_MAXNAMELEN];
+	char		ds_path[ZFS_MAX_DATASET_NAME_LEN];
 
 	if (!is_zfs(root))
 		return (B_FALSE);
@@ -4972,12 +4973,12 @@ list_entry(menu_t *mp, char *menu_path, char *opt)
 
 int
 add_boot_entry(menu_t *mp,
-	char *title,
-	char *findroot,
-	char *kernel,
-	char *mod_kernel,
-	char *module,
-	char *bootfs)
+    char *title,
+    char *findroot,
+    char *kernel,
+    char *mod_kernel,
+    char *module,
+    char *bootfs)
 {
 	int		lineNum;
 	int		entryNum;

usr/src/cmd/halt/halt.c

@@ -24,6 +24,7 @@
  */
 /*
  * Copyright (c) 2013, Joyent, Inc. All rights reserved.
+ * Copyright (c) 2015 by Delphix. All rights reserved.
  */
 
 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
@@ -719,16 +720,16 @@ validate_zfs_pool(char *arg, char *mountpoint)
  */
 static int
 get_zfs_bootfs_arg(const char *arg, const char ** fpth, int *is_zfs,
-		char *bootfs_arg)
+    char *bootfs_arg)
 {
 	zfs_handle_t *zhp = NULL;
 	zpool_handle_t *zpoolp = NULL;
 	FILE *mtabp = NULL;
 	struct mnttab mnt;
 	char *poolname = NULL;
 	char physpath[MAXPATHLEN];
-	char mntsp[ZPOOL_MAXNAMELEN];
-	char bootfs[ZPOOL_MAXNAMELEN];
+	char mntsp[ZFS_MAX_DATASET_NAME_LEN];
+	char bootfs[ZFS_MAX_DATASET_NAME_LEN];
 	int rc = 0;
 	size_t mntlen = 0;
 	size_t msz;

usr/src/cmd/mdb/common/modules/zfs/zfs.c

@@ -230,7 +230,7 @@ mdb_dsl_dir_name(uintptr_t addr, char *buf)
 	static int gotid;
 	static mdb_ctf_id_t dd_id;
 	uintptr_t dd_parent;
-	char dd_myname[MAXNAMELEN];
+	char dd_myname[ZFS_MAX_DATASET_NAME_LEN];
 
 	if (!gotid) {
 		if (mdb_ctf_lookup_by_name(ZFS_STRUCT "dsl_dir",
@@ -265,7 +265,7 @@ objset_name(uintptr_t addr, char *buf)
 	static int gotid;
 	static mdb_ctf_id_t os_id, ds_id;
 	uintptr_t os_dsl_dataset;
-	char ds_snapname[MAXNAMELEN];
+	char ds_snapname[ZFS_MAX_DATASET_NAME_LEN];
 	uintptr_t ds_dir;
 
 	buf[0] = '\0';
@@ -466,7 +466,7 @@ dbuf(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 	mdb_dmu_buf_impl_t db;
 	char objectname[32];
 	char blkidname[32];
-	char path[MAXNAMELEN];
+	char path[ZFS_MAX_DATASET_NAME_LEN];
 	int ptr_width = (int)(sizeof (void *)) * 2;
 
 	if (DCMD_HDRSPEC(flags))
@@ -725,7 +725,7 @@ dbufs_cb(uintptr_t addr, const void *unknown, void *arg)
 	dmu_buf_t db;
 	uint8_t level;
 	uint64_t blkid;
-	char osname[MAXNAMELEN];
+	char osname[ZFS_MAX_DATASET_NAME_LEN];
 
 	if (GETMEMBID(addr, &data->id, db_objset, objset) ||
 	    GETMEMBID(addr, &data->id, db, db) ||
@@ -1079,7 +1079,7 @@ arc_print(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv)
 
 typedef struct mdb_spa_print {
 	pool_state_t spa_state;
-	char spa_name[MAXNAMELEN];
+	char spa_name[ZFS_MAX_DATASET_NAME_LEN];
 } mdb_spa_print_t;
 
 /*

usr/src/cmd/ndmpd/include/tlm.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015 by Delphix. All rights reserved.
  */
 
 /*
@@ -475,7 +476,7 @@ typedef struct ndmp_metadata_property {
 } ndmp_metadata_property_t;
 
 typedef struct ndmp_metadata_property_ext {
-	char mp_name[ZFS_MAXNAMELEN];
+	char mp_name[ZFS_MAX_DATASET_NAME_LEN];
 	char mp_value[ZFS_MAXPROPLEN];
 	char mp_source[ZFS_MAXPROPLEN];
 } ndmp_metadata_property_ext_t;
@@ -498,7 +499,7 @@ typedef struct ndmp_metadata_header {
 /* Extended metadata format */
 typedef struct ndmp_metadata_header_ext {
 	ndmp_metadata_top_header_t nh_hdr;
-	char nh_dataset[ZFS_MAXNAMELEN];
+	char nh_dataset[ZFS_MAX_DATASET_NAME_LEN];
 	int32_t nh_total_bytes;
 	int32_t nh_major;
 	int32_t nh_minor;

usr/src/cmd/ndmpd/ndmp/ndmpd.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015 by Delphix. All rights reserved.
  */
 
 /*
@@ -456,9 +457,9 @@ typedef struct {
 
 typedef struct ndmpd_zfs_args {
 	zfs_type_t nz_type;			/* type of ZFS dataset */
-	char nz_dataset[ZFS_MAXNAMELEN];	/* dataset name */
-	char nz_snapname[ZFS_MAXNAMELEN];	/* snapname (following '@') */
-	char nz_fromsnap[ZFS_MAXNAMELEN];	/* snap of L-1 bkup */
+	char nz_dataset[ZFS_MAX_DATASET_NAME_LEN]; /* dataset name */
+	char nz_snapname[ZFS_MAX_DATASET_NAME_LEN]; /* snapname (following @) */
+	char nz_fromsnap[ZFS_MAX_DATASET_NAME_LEN]; /* snap of L-1 bkup */
 	char nz_snapprop[ZFS_MAXPROPLEN];	/* contents of snap incr prop */
 	boolean_t nz_ndmpd_snap;		/* ndmpd-generated snap? */
 

usr/src/cmd/ndmpd/ndmp/ndmpd_chkpnt.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2013 by Delphix. All rights reserved.
+ * Copyright (c) 2013, 2015 by Delphix. All rights reserved.
  * Copyright (c) 2013 Steven Hartland. All rights reserved.
  * Copyright (c) 2016 Martin Matuska. All rights reserved.
  */
@@ -103,7 +103,7 @@ ndmp_has_backup_snapshot(char *volname, char *jobname)
 {
 	zfs_handle_t *zhp;
 	snap_param_t snp;
-	char chname[ZFS_MAXNAMELEN];
+	char chname[ZFS_MAX_DATASET_NAME_LEN];
 
 	(void) mutex_lock(&zlib_mtx);
 	if ((zhp = zfs_open(zlibh, volname, ZFS_TYPE_DATASET)) == 0) {
@@ -113,7 +113,7 @@ ndmp_has_backup_snapshot(char *volname, char *jobname)
 	}
 
 	snp.snp_found = 0;
-	(void) snprintf(chname, ZFS_MAXNAMELEN, "@%s", jobname);
+	(void) snprintf(chname, ZFS_MAX_DATASET_NAME_LEN, "@%s", jobname);
 	snp.snp_name = chname;
 
 	(void) zfs_iter_snapshots(zhp, B_FALSE, ndmp_has_backup, &snp);
@@ -140,7 +140,7 @@ ndmp_has_backup_snapshot(char *volname, char *jobname)
 int
 ndmp_create_snapshot(char *vol_name, char *jname)
 {
-	char vol[ZFS_MAXNAMELEN];
+	char vol[ZFS_MAX_DATASET_NAME_LEN];
 
 	if (vol_name == 0 ||
 	    get_zfsvolname(vol, sizeof (vol), vol_name) == -1)
@@ -174,7 +174,7 @@ ndmp_create_snapshot(char *vol_name, char *jname)
 int
 ndmp_remove_snapshot(char *vol_name, char *jname)
 {
-	char vol[ZFS_MAXNAMELEN];
+	char vol[ZFS_MAX_DATASET_NAME_LEN];
 
 	if (vol_name == 0 ||
 	    get_zfsvolname(vol, sizeof (vol), vol_name) == -1)
@@ -247,13 +247,14 @@ int
 snapshot_create(char *volname, char *jname, boolean_t recursive,
     boolean_t hold)
 {
-	char snapname[ZFS_MAXNAMELEN];
+	char snapname[ZFS_MAX_DATASET_NAME_LEN];
 	int rv;
 
 	if (!volname || !*volname)
 		return (-1);
 
-	(void) snprintf(snapname, ZFS_MAXNAMELEN, "%s@%s", volname, jname);
+	(void) snprintf(snapname, ZFS_MAX_DATASET_NAME_LEN,
+	    "%s@%s", volname, jname);
 
 	(void) mutex_lock(&zlib_mtx);
 	if ((rv = zfs_snapshot(zlibh, snapname, recursive, NULL))
@@ -287,7 +288,7 @@ int
 snapshot_destroy(char *volname, char *jname, boolean_t recursive,
     boolean_t hold, int *zfs_err)
 {
-	char snapname[ZFS_MAXNAMELEN];
+	char snapname[ZFS_MAX_DATASET_NAME_LEN];
 	zfs_handle_t *zhp;
 	zfs_type_t ztype;
 	char *namep;
@@ -303,8 +304,8 @@ snapshot_destroy(char *volname, char *jname, boolean_t recursive,
 		ztype = ZFS_TYPE_VOLUME | ZFS_TYPE_FILESYSTEM;
 		namep = volname;
 	} else {
-		(void) snprintf(snapname, ZFS_MAXNAMELEN, "%s@%s", volname,
-		    jname);
+		(void) snprintf(snapname, ZFS_MAX_DATASET_NAME_LEN,
+		    "%s@%s", volname, jname);
 		namep = snapname;
 		ztype = ZFS_TYPE_SNAPSHOT;
 	}

usr/src/cmd/ndmpd/ndmp/ndmpd_dtime.c

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015 by Delphix. All rights reserved.
  */
 
 /*
@@ -832,7 +833,7 @@ ndmpd_get_dumptime(char *path, int *level, time_t *ddate)
 {
 	int i;
 	dumpdates_t ddhead, *ddp, *save;
-	char vol[ZFS_MAXNAMELEN];
+	char vol[ZFS_MAX_DATASET_NAME_LEN];
 	nvlist_t *userprops;
 	zfs_handle_t *zhp;
 	nvlist_t *propval = NULL;
@@ -956,7 +957,7 @@ ndmpd_get_dumptime(char *path, int *level, time_t *ddate)
 int
 ndmpd_put_dumptime(char *path, int level, time_t ddate)
 {
-	char vol[ZFS_MAXNAMELEN];
+	char vol[ZFS_MAX_DATASET_NAME_LEN];
 	zfs_handle_t *zhp;
 	char tbuf[64];
 	int rv;
@@ -993,7 +994,7 @@ ndmpd_put_dumptime(char *path, int level, time_t ddate)
 int
 ndmpd_append_dumptime(char *fname, char *path, int level, time_t ddate)
 {
-	char vol[ZFS_MAXNAMELEN];
+	char vol[ZFS_MAX_DATASET_NAME_LEN];
 	zfs_handle_t *zhp;
 	char tbuf[64];
 	int rv;