| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <PH7PR20MB592590F74C734584DCF88D6CBF712@PH7PR20MB5925.namprd20.prod.outlook.com> Date: Thu, 18 Jan 2024 15:43:57 +0800 From: Fullway Wang <fullwaywang@...look.com> To: sfrench@...ba.org, pc@...guebit.com, lsahlber@...hat.com, sprasad@...rosoft.com Cc: linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org, fullwaywang@...cent.com, Fullway Wang <fullwaywang@...look.com> Subject: [PATCH] fs: smb: client: Reset password pointer to NULL ctx->password was freed but not reset to NULL, which may lead to double free and secrets leak issues. This is similar to CVE-2023-5345, which was fixed in commit e6e43b8. Signed-off-by: Fullway Wang <fullwaywang@...look.com> --- fs/smb/client/connect.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 3052a208c6ca..fb96a234b9b1 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -4028,6 +4028,7 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid) out: kfree(ctx->username); kfree_sensitive(ctx->password); + ctx->password = NULL; kfree(ctx); return tcon; -- 2.39.3 (Apple Git-145)
Powered by blists - more mailing lists