Diffstat (limited to 'meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch')
-rw-r--r-- | meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
new file mode 100644
index 0000000000..f0c3f37dec
--- /dev/null
+++ b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
@@ -0,0 +1,48 @@
+From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Sat, 19 Mar 2022 13:41:15 -0400
+Subject: [PATCH] mount.cifs: fix verbose messages on option parsing
+
+When verbose logging is enabled, invalid credentials file lines may be
+dumped to stderr. This may lead to information disclosure in particular
+conditions when the credentials file given is sensitive and contains '='
+signs.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379]
+CVE: CVE-2022-29869
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 3a6b449..2278995 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name,
+ goto return_i;
+ break;
+ case CRED_DOM:
+- if (parsed_info->verboseflag)
+- fprintf(stderr, "domain=%s\n",
+- temp_val);
+ strlcpy(parsed_info->domain, temp_val,
+ sizeof(parsed_info->domain));
+ break;
+ case CRED_UNPARSEABLE:
+ if (parsed_info->verboseflag)
+ fprintf(stderr, "Credential formatted "
+- "incorrectly: %s\n",
+- temp_val ? temp_val : "(null)");
++ "incorrectly\n");
+ break;
+ }
+ }
+--
+2.34.1
+ |
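Review bot: The `strlcpy` into `parsed_info->domain` in the `CRED_DOM` case still ignores its return value, so a domain longer than the buffer is truncated silently, and with the verbose `domain=%s` echo removed nothing on stderr shows what was stored. A length check that reports the problem without printing the value would keep the intent of the fix, for example `if (strlcpy(parsed_info->domain, temp_val, sizeof(parsed_info->domain)) >= sizeof(parsed_info->domain))` followed by a fixed-text error message. Because this file is a backport, such a change belongs upstream rather than in this patch. `open_cred_file` starts and ends outside the hunk, so the error convention of the other cases is only partly visible (`goto return_i`).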