From 6b44608839dd45fa275aae3122de7738ae9f4253 Mon Sep 17 00:00:00 2001 From: gordon Date: Thu, 27 Sep 2018 18:32:14 +0000 Subject: [PATCH] Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall] Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:10.syscall Security: CVE-2018-17154 --- sys/kern/vfs_syscalls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 52a41fed192..e9b1a3774b2 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -600,6 +600,8 @@ freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap) size = count * sizeof(struct statfs); error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, uap->mode); + if (buf == NULL) + return (EINVAL); td->td_retval[0] = count; if (size != 0) { sp = buf; -- 2.45.0
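Review bot: The new `if (buf == NULL) return (EINVAL);` in freebsd4_getfsstat runs before `error` from kern_getfsstat is looked at, so a failure that leaves buf NULL is reported as EINVAL instead of the error the callee returned. Consider testing `error` first, for example `if (error != 0) return (error);`, and keeping the NULL test as the guard for whatever case remains. The check also sits ahead of `td->td_retval[0] = count;` and the existing `if (size != 0)` branch, so if a zero-size request can legitimately come back with buf NULL, it now fails rather than returning the count. A one-line comment stating which inputs leave buf NULL would make the intent of the guard clear to the next reader.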