diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e3969cc2f..34c8e0992 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-02-12  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (setacl): Introduce bool array "invalid" to note the
+	invalidation of incoming acl entries while iterating over them.
+
 2015-02-12  Corinna Vinschen  <corinna@vinschen.de>
 
 	* cygheap.h (cygheap_pwdgrp::get_home): Add dnsdomain parameter to
diff --git a/winsup/cygwin/release/1.7.35 b/winsup/cygwin/release/1.7.35
index f364145be..0726a2a8a 100644
--- a/winsup/cygwin/release/1.7.35
+++ b/winsup/cygwin/release/1.7.35
@@ -13,3 +13,8 @@ Bug Fixes
 
 - Fix /proc/cpuinfo multicore info on Intel CPUs.
   Addresses: https://cygwin.com/ml/cygwin-apps/2015-02/msg00077.html
+
+- Regression in 1.7.34: acl(SETACL, ...) overwrote the incoming acltent_t
+  array for bookkeeping purposes while iterating over its entries.  This
+  broke reusing the acl in the calling application (e.g. setfacl).
+  Addresses: https://cygwin.com/ml/cygwin/2015-02/msg00304.html
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index 51f1c9964..94bd90cf7 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -125,6 +125,9 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 
   writable = false;
 
+  bool *invalid = (bool *) tp.c_get ();
+  memset (invalid, 0, nentries * sizeof *invalid);
+
   /* Pre-compute owner, group, and other permissions to allow creating
      matching deny ACEs as in alloc_sd. */
   DWORD owner_allow = 0, group_allow = 0, other_allow = 0;
@@ -163,7 +166,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 	  && (aclbufp[i].a_type == USER_OBJ
 	      || !(null_mask & FILE_READ_DATA)))
 	*allow |= FILE_DELETE_CHILD;
-      aclbufp[i].a_type = 0;
+      invalid[i] = true;
     }
   bool isownergroup = (owner_sid == group_sid);
   DWORD owner_deny = ~owner_allow & (group_allow | other_allow);
@@ -210,7 +213,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
     {
       DWORD allow;
       /* Skip invalidated entries. */
-      if (!aclbufp[i].a_type)
+      if (invalid[i])
 	continue;
 
       allow = STANDARD_RIGHTS_READ
@@ -249,7 +252,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp,
 	{
 	  inheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;
 	  /* invalidate the corresponding default entry. */
-	  aclbufp[i + 1 + pos].a_type = 0;
+	  invalid[i + 1 + pos] = true;
 	}
       switch (aclbufp[i].a_type)
 	{