From 5a547a114ee172a609ee64776b14d9c540585225 Mon Sep 17 00:00:00 2001 From: trasz Date: Mon, 17 May 2010 17:56:27 +0000 Subject: MFC r208030: Add missing check to prevent local users from panicing the kernel by trying to set malformed ACL. --- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c index 59a58dd..12df0a1 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c @@ -4936,6 +4936,10 @@ zfs_freebsd_setacl(ap) if (ap->a_aclp->acl_cnt * 2 + 6 > ACL_MAX_ENTRIES) return (ENOSPC); + error = acl_nfs4_check(ap->a_aclp, ap->a_vp->v_type == VDIR); + if (error != 0) + return (error); + vsecattr.vsa_mask = VSA_ACE; aclbsize = ap->a_aclp->acl_cnt * sizeof(ace_t); vsecattr.vsa_aclentp = kmem_alloc(aclbsize, KM_SLEEP); -- cgit v1.1