From 2eedcf968e17793a088850eac7fece43219f6653 Mon Sep 17 00:00:00 2001
From: mm
Date: Sun, 5 Mar 2017 21:44:29 +0000
Subject: [PATCH] MFC r314572: Fix null pointer dereference in zfs_freebsd_setacl().

Prevents unprivileged users from panicking the kernel by calling __acl_delete_*() on files or directories inside a ZFS mount.

git-svn-id: svn://svn.freebsd.org/base/stable/8@314713 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
index 5da17ae1e..ed246445f 100644
--- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
+++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
@@ -6740,6 +6740,9 @@ zfs_freebsd_setacl(ap)
 if (ap->a_type != ACL_TYPE_NFS4)
 return (EINVAL);
 
+ if (ap->a_aclp == NULL)
+ return (EINVAL);
+
 if (ap->a_aclp->acl_cnt < 1 || ap->a_aclp->acl_cnt > MAX_ACL_ENTRIES)
 return (EINVAL);
 
-- 
2.45.0
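Review bot: The new `if (ap->a_aclp == NULL)` guard carries no comment saying when the pointer can be NULL, so a later cleanup could take it for dead code and remove the only thing standing between an unprivileged caller and a kernel panic. Going by the commit message, the NULL arrives through the `__acl_delete_*()` path, so I would add above the check `/* a_aclp is NULL when reached via __acl_delete_*(); reject it before acl_cnt is dereferenced. */`. The guard is correctly placed ahead of the first dereference in the `acl_cnt` range test that follows it. The body of zfs_freebsd_setacl() starts and continues outside this hunk, so later uses of `ap->a_aclp` cannot be checked from here. A regression test asserting that an ACL delete on a ZFS file fails with EINVAL rather than crashing would keep this from reappearing.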