From: Tomohiro Kusumi
Date: Wed, 1 May 2019 02:41:12 +0000 (+0900)
Subject: Correct snprintf() size argument
X-Git-Tag: zfs-0.8.0~30
X-Git-Url: https://git.proxmox.com/?p=mirror_zfs.git;a=commitdiff_plain;h=f0ce0436aa801a5b281f93a456d394fe141034f7
Correct snprintf() size argument
The size argument of snprintf(3) in glibc and snprintf() in Linux kernel includes trailing \0, as snprintf(3) man page explains it as "write at most size bytes (including the trailing null byte ('\0'))", i.e. snprintf() can just take buffer size. e.g. For snprintf() in module/zfs/zfs_ctldir.c, a buffer size is MAXPATHLEN, and a caller is passing MAXPATHLEN to snprintf(), so size should just be `path_len` to do what the caller is trying to do.
Reviewed-by: Brian Behlendorf
Reviewed-by: George Melikov
Reviewed-by: Richard Laager
Signed-off-by: Tomohiro Kusumi
Closes #8692
---
diff --git a/lib/libzfs/libzfs_sendrecv.c b/lib/libzfs/libzfs_sendrecv.c
index d68efd96e..2c2eca8db 100644
--- a/lib/libzfs/libzfs_sendrecv.c
+++ b/lib/libzfs/libzfs_sendrecv.c
@@ -971,7 +971,7 @@ send_iterate_fs(zfs_handle_t *zhp, void *arg)
 char snapname[MAXPATHLEN] = { 0 };
 zfs_handle_t *snap;

- (void) snprintf(snapname, sizeof (snapname) - 1, "%s@%s",
+ (void) snprintf(snapname, sizeof (snapname), "%s@%s",
 zhp->zfs_name, sd->tosnap);
 if (sd->fromsnap != NULL)
 sd->seenfrom = B_TRUE;
@@ -1524,7 +1524,7 @@ dump_filesystem(zfs_handle_t *zhp, void *arg)
 zfs_handle_t *snap;

 if (!sdd->seenfrom) {
- (void) snprintf(snapname, sizeof (snapname) - 1,
+ (void) snprintf(snapname, sizeof (snapname),
 "%s@%s", zhp->zfs_name, sdd->fromsnap);
 snap = zfs_open(zhp->zfs_hdl, snapname,
 ZFS_TYPE_SNAPSHOT);
@@ -1535,7 +1535,7 @@ dump_filesystem(zfs_handle_t *zhp, void *arg)
 }

 if (rv == 0) {
- (void) snprintf(snapname, sizeof (snapname) - 1,
+ (void) snprintf(snapname, sizeof (snapname),
 "%s@%s", zhp->zfs_name, sdd->tosnap);
 snap = zfs_open(zhp->zfs_hdl, snapname,
 ZFS_TYPE_SNAPSHOT);
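Review bot: All three snprintf() calls that build `snapname` (one in send_iterate_fs, two in dump_filesystem) still discard the return value with `(void)`, so a dataset name plus snapshot name that does not fit in the MAXPATHLEN buffer is truncated without any signal. In dump_filesystem the result is passed directly to zfs_open(), which would then resolve a shorter name than the one requested. Testing the result, e.g. `if (snprintf(snapname, sizeof (snapname), "%s@%s", zhp->zfs_name, sdd->tosnap) >= sizeof (snapname))`, and failing the iteration in that case would close the gap. Whether the combined length can reach MAXPATHLEN depends on limits enforced outside these hunks, and both functions continue beyond the visible lines.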
diff --git a/module/spl/spl-err.c b/module/spl/spl-err.c
index 4c8f818a9..3c0bb71c0 100644
--- a/module/spl/spl-err.c
+++ b/module/spl/spl-err.c
@@ -86,7 +86,7 @@ vcmn_err(int ce, const char *fmt, va_list ap)
 {
 char msg[MAXMSGLEN];

- vsnprintf(msg, MAXMSGLEN - 1, fmt, ap);
+ vsnprintf(msg, MAXMSGLEN, fmt, ap);

 switch (ce) {
 case CE_IGNORE:
diff --git a/module/zfs/zfs_ctldir.c b/module/zfs/zfs_ctldir.c
index 485f21b79..9ff492eb4 100644
--- a/module/zfs/zfs_ctldir.c
+++ b/module/zfs/zfs_ctldir.c
@@ -766,8 +766,7 @@ zfsctl_snapshot_path_objset(zfsvfs_t *zfsvfs, uint64_t objsetid,
 break;
 }

- memset(full_path, 0, path_len);
- snprintf(full_path, path_len - 1, "%s/.zfs/snapshot/%s",
+ snprintf(full_path, path_len, "%s/.zfs/snapshot/%s",
 zfsvfs->z_vfs->vfs_mntpoint, snapname);
 out:
 kmem_free(snapname, ZFS_MAX_DATASET_NAME_LEN);
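Review bot: In vcmn_err the bound is spelled as the macro a second time rather than derived from the buffer; `vsnprintf(msg, sizeof (msg), fmt, ap);` keeps the size tied to the declaration of `msg` if that ever changes. It would also match the `sizeof (snapname)` form this same commit uses in libzfs_sendrecv.c. The rest of vcmn_err lies outside the hunk.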
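Review bot: The snprintf() into `full_path` in zfsctl_snapshot_path_objset ignores its return value, so a mount point plus snapshot name longer than `path_len` produces a truncated path that the caller cannot tell apart from a valid one. Comparing the result with the size, `if (snprintf(full_path, path_len, "%s/.zfs/snapshot/%s", zfsvfs->z_vfs->vfs_mntpoint, snapname) >= path_len)`, and reporting ENAMETOOLONG through the existing `out:` path would make that visible. Separately, with the memset() removed the bytes after the terminator are no longer zeroed; that is fine as long as every caller treats `full_path` as a C string, which is worth confirming because the callers are not visible here. The function starts and ends outside the hunk.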