aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Matuska <mm@FreeBSD.org>2017-03-05 21:44:29 +0000
committerMartin Matuska <mm@FreeBSD.org>2017-03-05 21:44:29 +0000
commit2f9eb63eee053d46294fa4a5f2f1d63480476bc8 (patch)
tree9df1c50985c68d532a7b49de540f85c669da2d2b
parent16bcbf27a74b6e137bb50cbc47a3b9bd44727044 (diff)
downloadsrc-2f9eb63eee053d46294fa4a5f2f1d63480476bc8.tar.gz
src-2f9eb63eee053d46294fa4a5f2f1d63480476bc8.zip
MFC r314572:
Fix null pointer dereference in zfs_freebsd_setacl(). Prevents unprivileged users from panicking the kernel by calling __acl_delete_*() on files or directories inside a ZFS mount.
Notes
Notes: svn path=/stable/8/; revision=314713
-rw-r--r--sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
index 5da17ae1e861..ed246445f90c 100644
--- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
+++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
@@ -6740,6 +6740,9 @@ zfs_freebsd_setacl(ap)
if (ap->a_type != ACL_TYPE_NFS4)
return (EINVAL);
+ if (ap->a_aclp == NULL)
+ return (EINVAL);
+
if (ap->a_aclp->acl_cnt < 1 || ap->a_aclp->acl_cnt > MAX_ACL_ENTRIES)
return (EINVAL);