Author: kevans
Date: Thu Aug 16 18:58:34 2018
New Revision: 337924
URL: https://svnweb.freebsd.org/changeset/base/337924
Log:
libbe(3): Impose dataset length restrictions on boot env name validation
Previously, we only validated names for character restrictions. This is
helpful, but we should've also checked length restrictions- dataset names
must be restricted to MAXNAMELEN.
While here, move validation before doing a bunch of concatenations and fix
error handling in be_rename. It was previously setting the error state based
on return value from a libzfs function, which is wrong: libzfs errors don't
necessarily match cleanly to libbe errors. This would cause the assertion in
be_error to hit when the error was printed.
Modified:
head/lib/libbe/be.c
head/lib/libbe/libbe.3
Modified: head/lib/libbe/be.c
==============================================================================
--- head/lib/libbe/be.c Thu Aug 16 18:44:50 2018 (r337923)
+++ head/lib/libbe/be.c Thu Aug 16 18:58:34 2018 (r337924)
@@ -486,7 +486,7 @@ be_create_from_existing(libbe_handle_t *lbh, const cha
int err;
char buf[BE_MAXPATHLEN];
- if ((err = be_snapshot(lbh, old, NULL, true, (char *)&buf)))
+ if ((err = be_snapshot(lbh, old, NULL, true, (char *)&buf)) != 0)
return (set_error(lbh, err));
err = be_create_from_existing_snap(lbh, name, (char *)buf);
@@ -577,11 +577,12 @@ be_root_concat(libbe_handle_t *lbh, const char *name,
/*
* Verifies the validity of a boot environment name (A-Za-z0-9-_.). Returns
- * BE_ERR_SUCCESS (0) if name is valid, otherwise returns BE_ERR_INVALIDNAME.
+ * BE_ERR_SUCCESS (0) if name is valid, otherwise returns BE_ERR_INVALIDNAME
+ * or BE_ERR_PATHLEN.
* Does not set internal library error state.
*/
int
-be_validate_name(libbe_handle_t *lbh __unused, const char *name)
+be_validate_name(libbe_handle_t *lbh, const char *name)
{
for (int i = 0; *name; i++) {
char c = *(name++);
@@ -590,6 +591,12 @@ be_validate_name(libbe_handle_t *lbh __unused, const c
return (BE_ERR_INVALIDNAME);
}
+ /*
+ * Impose the additional restriction that the entire dataset name must
+ * not exceed the maximum length of a dataset, i.e. MAXNAMELEN.
+ */
+ if (strlen(lbh->root) + 1 + strlen(name) > MAXNAMELEN)
+ return (BE_ERR_PATHLEN);
return (BE_ERR_SUCCESS);
}
@@ -605,14 +612,17 @@ be_rename(libbe_handle_t *lbh, const char *old, const
zfs_handle_t *zfs_hdl;
int err;
+ /*
+ * be_validate_name is documented not to set error state, so we should
+ * do so here.
+ */
+ if ((err = be_validate_name(lbh, new)) != 0)
+ return (set_error(lbh, err));
if ((err = be_root_concat(lbh, old, full_old)) != 0)
return (set_error(lbh, err));
if ((err = be_root_concat(lbh, new, full_new)) != 0)
return (set_error(lbh, err));
- if ((err = be_validate_name(lbh, new)) != 0)
- return (err);
-
/* Check if old is active BE */
if (strcmp(full_old, be_active_path(lbh)) == 0)
return (set_error(lbh, BE_ERR_MOUNTED));
@@ -639,8 +649,9 @@ be_rename(libbe_handle_t *lbh, const char *old, const
err = zfs_rename(zfs_hdl, NULL, full_new, flags);
zfs_close(zfs_hdl);
-
- return (set_error(lbh, err));
+ if (err != 0)
+ return (set_error(lbh, BE_ERR_UNKNOWN));
+ return (0);
}
Modified: head/lib/libbe/libbe.3
==============================================================================
--- head/lib/libbe/libbe.3 Thu Aug 16 18:44:50 2018 (r337923)
+++ head/lib/libbe/libbe.3 Thu Aug 16 18:58:34 2018 (r337924)
@@ -331,7 +331,9 @@ environment name into
.Pp
The
.Fn be_validate_name
-function will validate the given boot environment name.
+function will validate the given boot environment name for both length
+restrictions as well as valid character restrictions.
+This function does not set the internal library error state.
.Pp
The
.Fn be_validate_snap
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
