fs/smb/client: Reset password pointer to NULL
commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705 upstream.
Forget to reset ctx->password to NULL will lead to bug like double free
BUG=b/303612842
TEST=presubmit
RELEASE_NOTE=Fix CVE-2023-5345 in COS kernel.
cos-patch: security-high
Cc: stable@vger.kernel.org
Cc: Willy Tarreau <w@1wt.eu>
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Change-Id: I38bc17e1db61a3e0094882a180b170196eee22d4
Signed-off-by: Quang Le <quanglex97@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Nandhini Rengaraj <nrengaraj@google.com>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/58914
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index e2e2ef0..f481859 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -1487,6 +1487,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
cifs_parse_mount_err:
kfree_sensitive(ctx->password);
+ ctx->password = NULL;
return -EINVAL;
}
