Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]

Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:10.syscall Security: CVE-2018-17154
author: gordon <gordon@FreeBSD.org> 2018-09-27 18:32:14 +0000
committer: gordon <gordon@FreeBSD.org> 2018-09-27 18:32:14 +0000
commit: 6b44608839dd45fa275aae3122de7738ae9f4253 (patch)
tree: be986484f32315ccf841518b1e446fc77c1ccef7 /sys/kern
parent: b8dbd9ded2ed808a696a6fe4445fed61a7831dc8 (diff)
download: FreeBSD-src-6b44608839dd45fa275aae3122de7738ae9f4253.zip
FreeBSD-src-6b44608839dd45fa275aae3122de7738ae9f4253.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 52a41fe..e9b1a37 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -600,6 +600,8 @@ freebsd4_getfsstat(struct thread *td, struct freebsd4_getfsstat_args *uap)
 	size = count * sizeof(struct statfs);
 	error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE,
 	    uap->mode);
+	if (buf == NULL)
+		return (EINVAL);
 	td->td_retval[0] = count;
 	if (size != 0) {
 		sp = buf;
author	gordon <gordon@FreeBSD.org>	2018-09-27 18:32:14 +0000
committer	gordon <gordon@FreeBSD.org>	2018-09-27 18:32:14 +0000
commit	6b44608839dd45fa275aae3122de7738ae9f4253 (patch)
tree	be986484f32315ccf841518b1e446fc77c1ccef7 /sys/kern
parent	b8dbd9ded2ed808a696a6fe4445fed61a7831dc8 (diff)
download	FreeBSD-src-6b44608839dd45fa275aae3122de7738ae9f4253.zip FreeBSD-src-6b44608839dd45fa275aae3122de7738ae9f4253.tar.gz