Re: [PATCH] cifs: Fix memory and information leak in smb3_reconfigure()

From: ChenXiaoSong
Date: Wed Dec 24 2025 - 11:24:12 EST

Next message: Marco Crivellari: "[PATCH] ASoC: SDCA: Replace use of system_wq with system_percpu_wq"
Previous message: Marco Crivellari: "[PATCH] tracing: Replace use of system_wq with system_percpu_wq"
In reply to: Zilin Guan: "[PATCH] cifs: Fix memory and information leak in smb3_reconfigure()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Good catch. Looks good to me.

Thanks,
ChenXiaoSong.

On 12/24/25 11:21 PM, Zilin Guan wrote:

In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the
function returns immediately without freeing and erasing the newly
allocated new_password and new_password2. This causes both a memory leak
and a potential information leak.

Fix this by calling kfree_sensitive() on both password buffers before
returning in this error case.

Fixes: 0f0e357902957 ("cifs: during remount, make sure passwords are in sync")
Signed-off-by: Zilin Guan <zilin@xxxxxxxxxx>
---
fs/smb/client/fs_context.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index c2de97e4ad59..d4291d3a9a48 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -1139,6 +1139,8 @@ static int smb3_reconfigure(struct fs_context *fc)
rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
if (rc) {
mutex_unlock(&ses->session_mutex);
+ kfree_sensitive(new_password);
+ kfree_sensitive(new_password2);
return rc;
}

Next message: Marco Crivellari: "[PATCH] ASoC: SDCA: Replace use of system_wq with system_percpu_wq"
Previous message: Marco Crivellari: "[PATCH] tracing: Replace use of system_wq with system_percpu_wq"
In reply to: Zilin Guan: "[PATCH] cifs: Fix memory and information leak in smb3_reconfigure()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]