fs/smb/client: Reset password pointer to NULL

pvts-mat · pvts-mat · commit f75a1fd37f16 · 2025-02-28T00:09:08.000+01:00
jira VULN-9356 cve CVE-2023-5345 commit-author Quang Le <quanglex97@gmail.com> commit e6e43b8 Forget to reset ctx->password to NULL will lead to bug like double free Cc: stable@vger.kernel.org Cc: Willy Tarreau <w@1wt.eu> Reviewed-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Quang Le <quanglex97@gmail.com> Signed-off-by: Steve French <stfrench@microsoft.com> (cherry picked from commit e6e43b8) Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl> # Conflicts: # fs/cifs/fs_context.c
diff --git a/fs/cifs/fs_context.c b/fs/cifs/fs_context.c
@@ -1458,6 +1458,8 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
 	return 0;
 
  cifs_parse_mount_err:
+	kfree_sensitive(ctx->password);
+	ctx->password = NULL;
 	return -EINVAL;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1458,6 +1458,8 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,`
`1458`	`1458`	`return 0;`
`1459`	`1459`
`1460`	`1460`	`cifs_parse_mount_err:`
	`1461`	`+ kfree_sensitive(ctx->password);`
	`1462`	`+ ctx->password = NULL;`
`1461`	`1463`	`return -EINVAL;`
`1462`	`1464`	`}`
`1463`	`1465`