cifs: Fix memory and information leak in smb3_reconfigure()

GoodLuck612 · smfrench · commit cb6d5aa9c0f1 · 2025-12-24T11:07:15.000-06:00
In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case. Fixes: 0f0e357 ("cifs: during remount, make sure passwords are in sync") Signed-off-by: Zilin Guan <zilin@seu.edu.cn> Reviewed-by: ChenXiaoSong <chenxiaosong@kylinos.cn> Signed-off-by: Steve French <stfrench@microsoft.com>
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
@@ -1139,6 +1139,8 @@ static int smb3_reconfigure(struct fs_context *fc)
 	rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
 	if (rc) {
 		mutex_unlock(&ses->session_mutex);
+		kfree_sensitive(new_password);
+		kfree_sensitive(new_password2);
 		return rc;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -1139,6 +1139,8 @@ static int smb3_reconfigure(struct fs_context *fc)`
`1139`	`1139`	`rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);`
`1140`	`1140`	`if (rc) {`
`1141`	`1141`	`mutex_unlock(&ses->session_mutex);`
	`1142`	`+ kfree_sensitive(new_password);`
	`1143`	`+ kfree_sensitive(new_password2);`
`1142`	`1144`	`return rc;`
`1143`	`1145`	`}`
`1144`	`1146`