1From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001 2From: Jeffrey Bencteux <jbe@improsec.com> 3Date: Sat, 19 Mar 2022 13:41:15 -0400 4Subject: [PATCH] mount.cifs: fix verbose messages on option parsing 5 6When verbose logging is enabled, invalid credentials file lines may be 7dumped to stderr. This may lead to information disclosure in particular 8conditions when the credentials file given is sensitive and contains '=' 9signs. 10 11Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026 12 13Signed-off-by: Jeffrey Bencteux <jbe@improsec.com> 14Reviewed-by: David Disseldorp <ddiss@suse.de> 15 16Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379] 17CVE: CVE-2022-29869 18Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> 19--- 20 mount.cifs.c | 6 +----- 21 1 file changed, 1 insertion(+), 5 deletions(-) 22 23diff --git a/mount.cifs.c b/mount.cifs.c 24index 3a6b449..2278995 100644 25--- a/mount.cifs.c 26+++ b/mount.cifs.c 27@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name, 28 goto return_i; 29 break; 30 case CRED_DOM: 31- if (parsed_info->verboseflag) 32- fprintf(stderr, "domain=%s\n", 33- temp_val); 34 strlcpy(parsed_info->domain, temp_val, 35 sizeof(parsed_info->domain)); 36 break; 37 case CRED_UNPARSEABLE: 38 if (parsed_info->verboseflag) 39 fprintf(stderr, "Credential formatted " 40- "incorrectly: %s\n", 41- temp_val ? temp_val : "(null)"); 42+ "incorrectly\n"); 43 break; 44 } 45 } 46-- 472.34.1 48 49