[PATCH] fs: smb: client: Reset password pointer to NULL

From: Fullway Wang
Date: Thu Jan 18 2024 - 02:44:27 EST

Next message: Uwe Kleine-König: "Re: [BUG][BISECTED] Freeze at loading init ramdisk"
Previous message: Horatiu Vultur: "Re: [PATCH net 1/2] net: micrel: Fix PTP frame parsing for lan8814"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ctx->password was freed but not reset to NULL, which may lead to double
free and secrets leak issues.

This is similar to CVE-2023-5345, which was fixed in commit e6e43b8.

Signed-off-by: Fullway Wang <fullwaywang@xxxxxxxxxxx>
---
fs/smb/client/connect.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 3052a208c6ca..fb96a234b9b1 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -4028,6 +4028,7 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid)
out:
kfree(ctx->username);
kfree_sensitive(ctx->password);
+ ctx->password = NULL;
kfree(ctx);

return tcon;
--
2.39.3 (Apple Git-145)

Next message: Uwe Kleine-König: "Re: [BUG][BISECTED] Freeze at loading init ramdisk"
Previous message: Horatiu Vultur: "Re: [PATCH net 1/2] net: micrel: Fix PTP frame parsing for lan8814"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]