Commit 58673ac6 authored Nov 07, 2024 by Henrique Carvalho Committed by Yongjian Sun Nov 07, 2024

smb: client: Handle kstrdup failures for passwords

mainline inclusion
from mainline-v6.12-rc3
commit 9a5dd61151399ad5a5d69aad28ab164734c1e3bc
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BX3
CVE: CVE-2024-50120

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5dd61151399ad5a5d69aad28ab164734c1e3bc



--------------------------------

In smb3_reconfigure(), after duplicating ctx->password and
ctx->password2 with kstrdup(), we need to check for allocation
failures.

If ses->password allocation fails, return -ENOMEM.
If ses->password2 allocation fails, free ses->password, set it
to NULL, and return -ENOMEM.

Fixes: c1eb537bf456 ("cifs: allow changing password during remount")
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Haoxiang Li <make24@iscas.ac.cn>
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Yongjian Sun <sunyongjian1@huawei.com>

parent 22b613ee

fs/smb/client/fs_context.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -918,8 +918,15 @@ static int smb3_reconfigure(struct fs_context *fc)
		else {
		kfree_sensitive(ses->password);
		ses->password = kstrdup(ctx->password, GFP_KERNEL);
		if (!ses->password)
		return -ENOMEM;
		kfree_sensitive(ses->password2);
		ses->password2 = kstrdup(ctx->password2, GFP_KERNEL);
		if (!ses->password2) {
		kfree_sensitive(ses->password);
		ses->password = NULL;
		return -ENOMEM;
		}
		}
		STEAL_STRING(cifs_sb, ctx, domainname);
		STEAL_STRING(cifs_sb, ctx, nodename);