[LTS 9.2] fs/smb/client: Reset password pointer to NULL #148

Draft
wants to merge 1 commit into base: ciqlts9_2

Conversation

@pvts-mat pvts-mat commented Mar 1, 2025

jira VULN-8159
cve CVE-2023-5345
commit-author Quang Le <quanglex97@gmail.com>
commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705
upstream-diff The mainline `e6e43b8a' commit consisting of a single
              line `ctx->password = NULL' is a fix of commit
              `a4e430c8c8ba96be8c6ec4f2eb108bb8bcbee069' (not mentioned
              anywhere), whose erroneous code is not present in `ciqlts9_2', so
              the fix doesn't apply. The `a4e430c8' commit can be treated as a
              vulnerability patch itself (erasing passwords stored on heap upon
              freeing, thus ensuring that no secrets linger in RAM). However,
              it's not a part of CVE-2023-5345, or any other CVE for that
              matter.

Forgetting to reset ctx->password to NULL will lead to bugs like double free

	Cc: stable@vger.kernel.org
	Cc: Willy Tarreau <w@1wt.eu>
	Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
	Signed-off-by: Quang Le <quanglex97@gmail.com>
	Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705)
	Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl>

# Conflicts:
#	fs/cifs/fs_context.c

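As an added example (not code from this PR, the upstream commit, or the kernel), here is a user-space model of the pattern the commit message warns about: a password buffer is wiped and freed, but the field still points at it, so a second release path frees it again; the fix is the single extra line that resets the pointer to NULL, so the repeated release sees NULL and is a no-op exactly as kfree(NULL) is. struct fs_ctx stands in for the kernel's smb3_fs_context, and sim_kmemdup, sim_kfree_sensitive, the quarantine list and the two release_password_* functions are this example's own assumptions, not kernel APIs.

```c
/* Added example, not code from this PR or the kernel. struct fs_ctx stands in for
 * smb3_fs_context; sim_kmemdup, sim_kfree_sensitive, the quarantine list and the
 * release_password_* functions are this example's own assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fs_ctx {
    char *password;       /* heap copy of the mount password, or NULL */
    size_t password_len;  /* bytes allocated for it */
};

/* Tiny stand-in for what KASAN would report: remember every pointer already freed so
 * a second free of the same pointer is flagged instead of corrupting the allocator. */
#define QUARANTINE_MAX 16
static void *quarantine[QUARANTINE_MAX];
static size_t quarantine_n;

/* Like kmemdup(): copy len bytes into a fresh heap buffer. */
char *sim_kmemdup(const char *src, size_t len)
{
    char *p = malloc(len);
    if (!p)
        return NULL;
    memcpy(p, src, len);
    /* the allocator may reuse a quarantined address; it is live again now */
    for (size_t i = 0; i < quarantine_n; i++) {
        if (quarantine[i] == p) {
            quarantine[i] = quarantine[--quarantine_n];
            break;
        }
    }
    return p;
}

/* Like kfree_sensitive(): wipe, then free. NULL is a no-op, as kfree(NULL) is.
 * Returns 1 if the pointer was already freed (a double free), else 0. */
int sim_kfree_sensitive(void *p, size_t len)
{
    if (!p)
        return 0;
    for (size_t i = 0; i < quarantine_n; i++)
        if (quarantine[i] == p)
            return 1;                     /* double free: do not touch it again */
    volatile unsigned char *v = p;        /* volatile so the wipe is not elided */
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    if (quarantine_n < QUARANTINE_MAX)
        quarantine[quarantine_n++] = p;
    free(p);
    return 0;
}

/* Before the fix: the buffer is wiped and freed but ctx->password still points at
 * it, so whichever release path runs next frees it a second time. */
int release_password_dangling(struct fs_ctx *ctx)
{
    return sim_kfree_sensitive(ctx->password, ctx->password_len);
}

/* After the fix: the one added line resets the pointer, so a repeated release sees
 * NULL and does nothing. */
int release_password_fixed(struct fs_ctx *ctx)
{
    int rc = sim_kfree_sensitive(ctx->password, ctx->password_len);
    ctx->password = NULL;
    ctx->password_len = 0;
    return rc;
}

/* Two release calls on one context, standing in for two kernel code paths that both
 * free ctx->password. Returns the number of double frees observed.
 * The sample password is constructed for this example. */
int double_frees_after_two_releases(int (*release)(struct fs_ctx *))
{
    struct fs_ctx ctx;
    ctx.password = sim_kmemdup("hunter2", 7);
    ctx.password_len = 7;
    int first = release(&ctx);
    int second = release(&ctx);
    return first + second;
}

int main(void)
{
    printf("dangling pointer, released twice: %d double free(s)\n",
           double_frees_after_two_releases(release_password_dangling));
    printf("pointer reset to NULL, released twice: %d double free(s)\n",
           double_frees_after_two_releases(release_password_fixed));
    return 0;
}
```

The quarantine list exists only so the dangling variant can be run without actually handing a freed pointer to free() a second time; in the kernel, the same second free would be caught by KASAN or by SLUB's free-list consistency checks, or silently corrupt the allocator when neither is enabled.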