etc/systemd/zfs-mount-generator: avoid strndupa

The non-standard strndupa function is not implemented by musl libc, and can be dangerous due to its potential to blow the stack. (musl _does_ implement strdupa, used elsewhere in this function.) With a similar amount of code, we can use a heap allocation to construct the pool name, which is musl-friendly and doesn't have potential stack problems. (Why care about musl when systemd only supports glibc? Some distros patch systemd with portability fixes, and it would be nice to be able to use ZFS on those distros.) Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Alyssa Ross <alyssa.ross@unikie.com> Closes #14327
openzfs · Jan 10, 2023 · 1f19826 · 1f19826
1 parent fc45975
commit 1f19826
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/etc/systemd/system-generators/zfs-mount-generator.c b/etc/systemd/system-generators/zfs-mount-generator.c
@@ -224,9 +224,10 @@ line_worker(char *line, const char *cachefile)
 	const char *p_systemd_ignore            = strtok_r(NULL, "\t", &toktmp) ?: "-";
 	/* END CSTYLED */
 
-	const char *pool = dataset;
-	if ((toktmp = strchr(pool, '/')) != NULL)
-		pool = strndupa(pool, toktmp - pool);
+	size_t pool_len = strlen(dataset);
+	if ((toktmp = strchr(dataset, '/')) != NULL)
+		pool_len = toktmp - dataset;
+	const char *pool = *(tofree++) = strndup(dataset, pool_len);
 
 	if (p_nbmand == NULL) {
 		fprintf(stderr, PROGNAME "[%d]: %s: not enough tokens!\n",
@@ -734,7 +735,7 @@ line_worker(char *line, const char *cachefile)
 	if (tofree >= tofree_all + nitems(tofree_all)) {
 		/*
 		 * This won't happen as-is:
-		 * we've got 8 slots and allocate 4 things at most.
+		 * we've got 8 slots and allocate 5 things at most.
 		 */
 		fprintf(stderr,
 		    PROGNAME "[%d]: %s: need to free %zu > %zu!\n",