Fix null pointer dereference in zfs_freebsd_setacl().

Prevents unprivileged users from panicking the kernel by calling
__acl_delete_*() on files or directories inside a ZFS mount.

MFC after:	3 days
Martin Matuska 2017-03-02 23:23:28 +00:00
parent 642870485c
commit 0132c9cd4a
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=314572


@ -5871,6 +5871,9 @@ zfs_freebsd_setacl(ap)
if (ap->a_type != ACL_TYPE_NFS4)
return (EINVAL);
if (ap->a_aclp == NULL)
return (EINVAL);
if (ap->a_aclp->acl_cnt < 1 || ap->a_aclp->acl_cnt > MAX_ACL_ENTRIES)
return (EINVAL);
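Review bot: The `ap->a_aclp == NULL` guard has no comment saying when the pointer can be NULL, so a later cleanup could move it below the `acl_cnt` range check and reintroduce the dereference. Going by the commit description, the NULL case is the `__acl_delete_*()` path, which an unprivileged caller can reach; I would put `/* a_aclp is NULL on the __acl_delete_*() path; check before reading acl_cnt. */` directly above the guard. The page has lost its +/- markers, so which lines are new is inferred from the description and the hunk header, and zfs_freebsd_setacl() begins and ends outside the hunk. A regression test that requests an ACL delete on a file inside a ZFS mount and expects EINVAL would keep the ordering from regressing.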