lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <39ca2ff6-c363-47d7-9d4f-fd6f137afc09@linux.dev>
Date: Thu, 25 Dec 2025 00:23:20 +0800
From: ChenXiaoSong <chenxiaosong.chenxiaosong@...ux.dev>
To: Zilin Guan <zilin@....edu.cn>, sfrench@...ba.org,
 Steve French <smfrench@...il.com>
Cc: pc@...guebit.org, ronniesahlberg@...il.com, sprasad@...rosoft.com,
 tom@...pey.com, bharathsm@...rosoft.com, linux-cifs@...r.kernel.org,
 samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
 jianhao.xu@....edu.cn
Subject: Re: [PATCH] cifs: Fix memory and information leak in
 smb3_reconfigure()

Good catch. Looks good to me.

Thanks,
ChenXiaoSong.

On 12/24/25 11:21 PM, Zilin Guan wrote:
> In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the
> function returns immediately without freeing and erasing the newly
> allocated new_password and new_password2. This causes both a memory leak
> and a potential information leak.
> 
> Fix this by calling kfree_sensitive() on both password buffers before
> returning in this error case.
> 
> Fixes: 0f0e357902957 ("cifs: during remount, make sure passwords are in sync")
> Signed-off-by: Zilin Guan <zilin@....edu.cn>
> ---
>   fs/smb/client/fs_context.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
> index c2de97e4ad59..d4291d3a9a48 100644
> --- a/fs/smb/client/fs_context.c
> +++ b/fs/smb/client/fs_context.c
> @@ -1139,6 +1139,8 @@ static int smb3_reconfigure(struct fs_context *fc)
>   	rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
>   	if (rc) {
>   		mutex_unlock(&ses->session_mutex);
> +		kfree_sensitive(new_password);
> +		kfree_sensitive(new_password2);
>   		return rc;
>   	}
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ