[linux-cifs-client] Possible password left in buffer

Scott Lovenberg scott.lovenberg at gmail.com
Sat Apr 17 09:47:16 MDT 2010


On Fri, Apr 16, 2010 at 5:32 PM, Scott Lovenberg
<scott.lovenberg at gmail.com> wrote:

> Jeff Layton wrote:
>
> > On Thu, 15 Apr 2010 01:06:55 -0400
> > Scott Lovenberg <scott.lovenberg at gmail.com> wrote:
> >
> > > Just wondering if SAFE_FREE(char*) has to be called on temp_val in
> > > open_cred_file() of mount.cifs.c.  Unless I'm missing something, a parsed
> > > password will be left in temp_val because it never gets zeroed out.
> >
> > Yeah, looks like something that should be fixed. In fact, that whole
> > function needs some overhaul -- the magic 4096/4086/4087 numbers in it
> > are pretty yucky and make it hard to tell what's going on. That should
> > use a #define'd constant. Also, the user= field should probably be
> > fixed so that it uses parse_username() too.
> >
> > Care to send a patch? If not, I'll plan to fix that sometime before the
> > next release.
> >
> > Thanks,
>
> Scratch that... I meant a call to memset(), not SAFE_FREE().

I've got a patch set, I just have to test it.  I'll commit and email
tonight.

-- 
Peace and Blessings,
-Scott.
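
The fix discussed in this thread, wiping the temporary parse buffer before it is released and sizing it with a named constant, shown as an added example that is not mount.cifs code and not code from anyone in the thread. `read_password`, `CRED_LINE_MAX`, `scrub_fn`, `demo` and the sample credentials are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CRED_LINE_MAX 4096 /* assumed name, replaces a bare magic number */

/* Calling memset through a volatile pointer keeps the compiler from
 * dropping the store as dead when the buffer is freed right after. */
static void *(*const volatile scrub_fn)(void *, int, size_t) = memset;

/* Hypothetical parser: copies the password= value into pass_out, then wipes
 * the temporary line buffer. Returns 0 on success, -1 otherwise. *residue
 * gets the count of non-zero bytes left in that buffer just before free(). */
int read_password(FILE *fp, char *pass_out, size_t out_len, size_t *residue)
{
    char *line = calloc(1, CRED_LINE_MAX);
    int rc = -1;
    *residue = 0;
    if (!line) return -1;
    while (fgets(line, CRED_LINE_MAX, fp)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strncmp(line, "password=", 9) != 0) continue;
        size_t n = strlen(line + 9);
        if (n < out_len) { memcpy(pass_out, line + 9, n + 1); rc = 0; }
        break;                          /* too long: reject, do not truncate */
    }
    scrub_fn(line, 0, CRED_LINE_MAX);   /* wipe on success and failure alike */
    for (size_t i = 0; i < CRED_LINE_MAX; i++)
        *residue += (line[i] != 0);
    free(line);
    return rc;
}

/* Runs the parser over a constructed credentials file (not real data). */
int demo(char *pass_out, size_t out_len, size_t *residue)
{
    FILE *fp = tmpfile();
    if (!fp) return -1;
    fputs("username=alice\npassword=constructed-secret\n", fp);
    rewind(fp);
    int rc = read_password(fp, pass_out, out_len, residue);
    fclose(fp);
    return rc;
}

int main(void)
{
    char pw[64]; size_t left;
    return demo(pw, sizeof pw, &left) != 0 || left != 0;
}
```

The caller's `pass_out` and the stdio buffer behind `fp` hold copies of the password as well, so wiping the temporary buffer covers only one of them.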