nvpair: Check for un-terminated strings in packed nvlist by tonyhutter · Pull Request #18604 · openzfs/zfs

tonyhutter · 2026-05-29T16:38:48Z

Motivation and Context

Add additional nvlist checks.

Description

Add additional checks to verify a packed string or string array nvpair is terminated. Or more specifically, verify doing a strlen() on the prospective string does not overrun the packed nvlist buffer.

Also add additional checks in the libzfs_input_checks test case to verify un-terminated strings, and add in a nvlist ioctl payload fuzz test for good measure.

How Has This Been Tested?

Test case updated.

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Quality assurance (non-breaking change which makes the code more robust against bugs)
Breaking change (fix or feature that would cause existing functionality to change)
Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the OpenZFS code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes.
I have run the ZFS Test Suite with this change applied.
All commit messages are properly formatted and contain Signed-off-by.

Add additional checks to verify a packed string or string array nvpair is terminated. Or more specifically, verify doing a strlen() on the prospective string does not overrun the packed nvlist buffer. Also add additional checks in the libzfs_input_checks test case to verify un-terminated strings, and add in a nvlist ioctl payload fuzz test for good measure. Signed-off-by: Tony Hutter <hutter2@llnl.gov>

tonyhutter force-pushed the nvlist-fix branch from daaff6d to f2b5366 Compare May 29, 2026 16:44

behlendorf added the Status: Code Review Needed Ready for review and testing label May 29, 2026

behlendorf reviewed May 29, 2026

View reviewed changes

Comment thread tests/zfs-tests/cmd/libzfs_input_check.c

Comment thread module/zfs/zfs_ioctl.c Outdated

Comment thread module/nvpair/nvpair.c Outdated

behlendorf force-pushed the nvlist-fix branch from f2b5366 to ec5822c Compare June 1, 2026 03:36

tonyhutter force-pushed the nvlist-fix branch from ec5822c to f70eeb5 Compare June 1, 2026 16:28

behlendorf approved these changes Jun 1, 2026

View reviewed changes

behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Jun 1, 2026

behlendorf merged commit 59dc886 into openzfs:master Jun 1, 2026
42 of 46 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nvpair: Check for un-terminated strings in packed nvlist#18604

nvpair: Check for un-terminated strings in packed nvlist#18604
behlendorf merged 1 commit into
openzfs:masterfrom
tonyhutter:nvlist-fix

tonyhutter commented May 29, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

tonyhutter commented May 29, 2026

Motivation and Context

Description

How Has This Been Tested?

Types of changes

Checklist:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants