stable: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds

stable: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds

[Henrique Carvalho]

Hi,

I believe the following commit may have been missed for the relevant
stable branches.

2f37dc436d4e ("smb: client: Don't log plaintext credentials in cifs_set_cifscreds")

Could you please consider backporting it?

Thanks!

-- 
Henrique
SUSE Labs

----- Forwarded message from Thorsten Blum <thorsten.blum@linux.dev> -----

Date: Thu, 26 Feb 2026 22:28:45 +0100
From: Thorsten Blum <thorsten.blum@linux.dev>
To: Steve French <sfrench@samba.org>, Paulo Alcantara <pc@manguebit.org>,
  Ronnie Sahlberg <ronniesahlberg@gmail.com>, Shyam Prasad N
 <sprasad@microsoft.com>,  Tom Talpey <tom@talpey.com>, Bharath SM
 <bharathsm@microsoft.com>,  Jeff Layton <jlayton@kernel.org>
Cc: Thorsten Blum <thorsten.blum@linux.dev>, stable@vger.kernel.org,  Steve
 French <smfrench@gmail.com>, linux-cifs@vger.kernel.org,
 samba-technical@lists.samba.org,  linux-kernel@vger.kernel.org
Subject: [PATCH] smb: client: Don't log plaintext credentials in
 cifs_set_cifscreds
Message-ID: <20260226212845.784172-2-thorsten.blum@linux.dev>

When debug logging is enabled, cifs_set_cifscreds() logs the key
payload and exposes the plaintext username and password. Remove the
debug log to avoid exposing credentials.

Fixes: 8a8798a5ff90 ("cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 fs/smb/client/connect.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 33dfe116ca52..038f87062419 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -2236,7 +2236,6 @@ cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses)
 	/* find first : in payload */
 	payload = upayload->data;
 	delim = strnchr(payload, upayload->datalen, ':');
-	cifs_dbg(FYI, "payload=%s\n", payload);
 	if (!delim) {
 		cifs_dbg(FYI, "Unable to find ':' in payload (datalen=%d)\n",
 			 upayload->datalen);
-- 
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4



----- End forwarded message -----

Re: stable: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds

[Greg KH]

On Mon, Mar 16, 2026 at 12:49:00PM -0300, Henrique Carvalho wrote:
> Hi,
> 
> I believe the following commit may have been missed for the relevant
> stable branches.
> 
> 2f37dc436d4e ("smb: client: Don't log plaintext credentials in cifs_set_cifscreds")
> 
> Could you please consider backporting it?

I see it in the following released stable kernels:
	6.12.77
	6.18.17
	6.19.7
	7.0-rc2

And it is in the 6.1 and 6.6 queues for the next stable release for
them.

Do you not see the same?

thanks,

greg k-h

Re: stable: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds

[Henrique Carvalho]

On Mon, Mar 16, 2026 at 04:53:02PM +0100, Greg KH wrote:
> On Mon, Mar 16, 2026 at 12:49:00PM -0300, Henrique Carvalho wrote:
> > Hi,
> > 
> > I believe the following commit may have been missed for the relevant
> > stable branches.
> > 
> > 2f37dc436d4e ("smb: client: Don't log plaintext credentials in cifs_set_cifscreds")
> > 
> > Could you please consider backporting it?
> 
> I see it in the following released stable kernels:
> 	6.12.77
> 	6.18.17
> 	6.19.7
> 	7.0-rc2
> 
> And it is in the 6.1 and 6.6 queues for the next stable release for
> them.
> 
> Do you not see the same?
> 

Thank you! I only looked in 6.6.y, saw no emails from stable and assumed
it had been missed. Apologies.