From 8eaf017b4e89785a5bb8ffbd8f4e9bf876c7dfc6 Mon Sep 17 00:00:00 2001 From: gordon Date: Thu, 27 Sep 2018 18:32:14 +0000 Subject: [PATCH] Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall] Reported by: Thomas Barabosch, Fraunhofer FKIE Approved by: so Security: FreeBSD-EN-18:10.syscall Security: CVE-2018-17154 --- sys/kern/vfs_syscalls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index fbec149ca52..13a0ed1cee2 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -643,6 +643,8 @@ freebsd4_getfsstat(td, uap) size = count * sizeof(struct statfs); error = kern_getfsstat(td, &buf, size, &count, UIO_SYSSPACE, uap->mode); + if (buf == NULL) + return (EINVAL); td->td_retval[0] = count; if (size != 0) { sp = buf;
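Review bot: the added `if (buf == NULL) return (EINVAL);` in freebsd4_getfsstat sits directly after the kern_getfsstat() call and returns before `error` is looked at, so any failure that leaves `buf` unset is reported to the caller as EINVAL instead of the real error code. Consider testing `error` first (`if (error != 0) return (error);`) and only then checking `buf`. The following `if (size != 0)` guard also suggests that a zero `size` is an expected input. If kern_getfsstat() leaves `buf` NULL in that case, the early return now skips `td->td_retval[0] = count;` and changes what a size-zero call returns. Scoping the NULL check to the `size != 0` branch, next to `sp = buf;`, would avoid that. A short comment stating which inputs produce a NULL `buf` with UIO_SYSSPACE would help, and so would validating `count` before `size = count * sizeof(struct statfs);`, since the visible lines apply no bounds check to that multiplication.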