[PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds

Next message: Zi Yan: "Re: [PATCH v2 3/4] folio_batch: Rename pagevec.h to folio_batch.h"
Previous message: Jeff Johnson: "Re: [PATCH v3] wifi: ath11k: fix memory leaks in beacon template setup"
Next in thread: Paulo Alcantara: "Re: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thorsten Blum

Date: Thu Feb 26 2026 - 16:30:20 EST

When debug logging is enabled, cifs_set_cifscreds() logs the key
payload and exposes the plaintext username and password. Remove the
debug log to avoid exposing credentials.

Fixes: 8a8798a5ff90 ("cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
---
fs/smb/client/connect.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 33dfe116ca52..038f87062419 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -2236,7 +2236,6 @@ cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses)
/* find first : in payload */
payload = upayload->data;
delim = strnchr(payload, upayload->datalen, ':');
- cifs_dbg(FYI, "payload=%s\n", payload);
if (!delim) {
cifs_dbg(FYI, "Unable to find ':' in payload (datalen=%d)\n",
upayload->datalen);
--
Thorsten Blum <thorsten.blum@xxxxxxxxx>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4