[PATCH] cifs: Use kzfree() to zero out the password
Steve French
smfrench at gmail.com
Tue Aug 27 15:46:41 UTC 2019
merged into cifs-2.6.git for-next
On Tue, Aug 27, 2019 at 6:02 AM Dan Carpenter <dan.carpenter at oracle.com> wrote:
>
> It's safer to zero out the password so that it can never be disclosed.
>
> Fixes: 0c219f5799c7 ("cifs: set domainName when a domain-key is used in multiuser")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> ---
> fs/cifs/connect.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index e6cc5c4b0f19..642bbb5bee3a 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -3101,7 +3101,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
> rc = -ENOMEM;
> kfree(vol->username);
> vol->username = NULL;
> - kfree(vol->password);
> + kzfree(vol->password);
> vol->password = NULL;
> goto out_key_put;
> }
> --
> 2.20.1
>
--
Thanks,
Steve
More information about the samba-technical
mailing list