[PATCH] cifs: Fix memory and information leak in smb3

linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] cifs: Fix memory and information leak in smb3_reconfigure()
@ 2025-12-24 15:21 Zilin Guan
  2025-12-24 16:23 ` ChenXiaoSong
  0 siblings, 1 reply; 2+ messages in thread
From: Zilin Guan @ 2025-12-24 15:21 UTC (permalink / raw)
  To: sfrench
  Cc: pc, ronniesahlberg, sprasad, tom, bharathsm, linux-cifs,
	samba-technical, linux-kernel, jianhao.xu, Zilin Guan

In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the
function returns immediately without freeing and erasing the newly
allocated new_password and new_password2. This causes both a memory leak
and a potential information leak.

Fix this by calling kfree_sensitive() on both password buffers before
returning in this error case.

Fixes: 0f0e357902957 ("cifs: during remount, make sure passwords are in sync")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
---
 fs/smb/client/fs_context.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index c2de97e4ad59..d4291d3a9a48 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -1139,6 +1139,8 @@ static int smb3_reconfigure(struct fs_context *fc)
 	rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
 	if (rc) {
 		mutex_unlock(&ses->session_mutex);
+		kfree_sensitive(new_password);
+		kfree_sensitive(new_password2);
 		return rc;
 	}
 
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] cifs: Fix memory and information leak in smb3_reconfigure()
  2025-12-24 15:21 [PATCH] cifs: Fix memory and information leak in smb3_reconfigure() Zilin Guan
@ 2025-12-24 16:23 ` ChenXiaoSong
  0 siblings, 0 replies; 2+ messages in thread
From: ChenXiaoSong @ 2025-12-24 16:23 UTC (permalink / raw)
  To: Zilin Guan, sfrench, Steve French
  Cc: pc, ronniesahlberg, sprasad, tom, bharathsm, linux-cifs,
	samba-technical, linux-kernel, jianhao.xu

Good catch. Looks good to me.

Thanks,
ChenXiaoSong.

On 12/24/25 11:21 PM, Zilin Guan wrote:
> In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the
> function returns immediately without freeing and erasing the newly
> allocated new_password and new_password2. This causes both a memory leak
> and a potential information leak.
> 
> Fix this by calling kfree_sensitive() on both password buffers before
> returning in this error case.
> 
> Fixes: 0f0e357902957 ("cifs: during remount, make sure passwords are in sync")
> Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
> ---
>   fs/smb/client/fs_context.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
> index c2de97e4ad59..d4291d3a9a48 100644
> --- a/fs/smb/client/fs_context.c
> +++ b/fs/smb/client/fs_context.c
> @@ -1139,6 +1139,8 @@ static int smb3_reconfigure(struct fs_context *fc)
>   	rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
>   	if (rc) {
>   		mutex_unlock(&ses->session_mutex);
> +		kfree_sensitive(new_password);
> +		kfree_sensitive(new_password2);
>   		return rc;
>   	}
>   


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-12-24 16:23 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-24 15:21 [PATCH] cifs: Fix memory and information leak in smb3_reconfigure() Zilin Guan
2025-12-24 16:23 ` ChenXiaoSong

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).