From 4e7dd147205abccc1830a386ed8ad58e7e492bdd Mon Sep 17 00:00:00 2001
From: mm
Date: Thu, 2 Mar 2017 23:23:28 +0000
Subject: [PATCH] Fix null pointer dereference in zfs_freebsd_setacl(). Prevents unprivileged users from panicking the kernel by calling __acl_delete_*() on files or directories inside a ZFS mount.
MFC after: 3 days
---
 sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
index fc6c57d1d5a0..e8761381cf01 100644
--- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
+++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
@@ -5871,6 +5871,9 @@ zfs_freebsd_setacl(ap)
 if (ap->a_type != ACL_TYPE_NFS4)
 return (EINVAL);
+ if (ap->a_aclp == NULL)
+ return (EINVAL);
+
 if (ap->a_aclp->acl_cnt < 1 || ap->a_aclp->acl_cnt > MAX_ACL_ENTRIES)
 return (EINVAL);
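Review bot: The new `ap->a_aclp == NULL` check has no comment saying why a set-ACL call can arrive without an ACL, so a later cleanup could mistake it for dead code and remove it. Per the commit message the NULL comes from the `__acl_delete_*()` path, which unprivileged users can reach, so I would put `/* a_aclp is NULL when called via __acl_delete_*(); reject before the acl_cnt dereference below. */` directly above the check. zfs_freebsd_setacl() starts and ends outside this hunk, so it is not visible whether any other use of `a_aclp` sits before this point; worth confirming that none does.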