| commit | 4e44cf1419747c178ce76deaefb8cb1dfca20865 | |
| author | Jeff Layton <jlayton@redhat.com> | |
| Fri, 25 Sep 2009 11:01:59 +0000 (25 07:01 -0400) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Thu, 1 Oct 2009 12:26:58 +0000 (1 14:26 +0200) | ||
| tree | 67cf8eb83217480928d2b9434793a188ef717b47 | treesnapshot (tar.gz zip) |
| parent | 5942b8b3aca131510d0efc0288144ce82d87443c | commitdiff |
mount.cifs: don't leak passwords with verbose option
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
(cherry picked from commit ec0ee6753818d546ad5817bdb09cdd3b7c5673af)
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
(cherry picked from commit ec0ee6753818d546ad5817bdb09cdd3b7c5673af)
| source/client/mount.cifs.c | diffblobblamehistory |