author | gordon <gordon@FreeBSD.org> | 2018-09-27 18:32:14 +0000 |
---|---|---|
committer | gordon <gordon@FreeBSD.org> | 2018-09-27 18:32:14 +0000 |
commit | 6b44608839dd45fa275aae3122de7738ae9f4253 (patch) | |
tree | be986484f32315ccf841518b1e446fc77c1ccef7 /sys/kern/vfs_syscalls.c | |
parent | b8dbd9ded2ed808a696a6fe4445fed61a7831dc8 (diff) | |
Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
Reported by: Thomas Barabosch, Fraunhofer FKIE
Approved by: so
Security: FreeBSD-EN-18:10.syscall
Security: CVE-2018-17154
Diffstat (limited to 'sys/kern/vfs_syscalls.c')
-rw-r--r-- | sys/kern/vfs_syscalls.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 52a41fe..e9b1a37 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -600,6 +600,8 @@ freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap) size = count * sizeof(struct statfs); error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, uap->mode); + if (buf == NULL) + return (EINVAL); td->td_retval[0] = count; if (size != 0) { sp = buf; |
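Review bot: The added `if (buf == NULL) return (EINVAL);` right after the `kern_getfsstat()` call returns EINVAL without looking at `error`, so if the call failed with a different errno and left `buf` NULL, the caller sees EINVAL instead of the real cause. Consider checking `error` first, for example `if (error != 0) return (error);`, and keeping the NULL test only for the case where the call reports success. The new check is also unconditional, while the existing dereference at `sp = buf` is guarded by `if (size != 0)`; if `buf` can legitimately be NULL when `size` is 0, a zero-size call that used to return only the count in `td->td_retval[0]` would now fail, so it is worth confirming that case or moving the test inside the `size != 0` branch. A one-line comment saying under which conditions `kern_getfsstat()` leaves `buf` NULL with `UIO_SYSSPACE` would help the next reader.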