Skip to content

Commit 8acc963

Browse files
0x6a656666piastry
authored andcommitted
mount.cifs: fix verbose messages on option parsing
When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026 Signed-off-by: Jeffrey Bencteux <jbe@improsec.com> Reviewed-by: David Disseldorp <ddiss@suse.de>
1 parent 007c07f commit 8acc963

File tree

1 file changed

+1
-5
lines changed

1 file changed

+1
-5
lines changed

Diff for: mount.cifs.c

+1-5
Original file line numberDiff line numberDiff line change
@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name,
628628
goto return_i;
629629
break;
630630
case CRED_DOM:
631-
if (parsed_info->verboseflag)
632-
fprintf(stderr, "domain=%s\n",
633-
temp_val);
634631
strlcpy(parsed_info->domain, temp_val,
635632
sizeof(parsed_info->domain));
636633
break;
637634
case CRED_UNPARSEABLE:
638635
if (parsed_info->verboseflag)
639636
fprintf(stderr, "Credential formatted "
640-
"incorrectly: %s\n",
641-
temp_val ? temp_val : "(null)");
637+
"incorrectly\n");
642638
break;
643639
}
644640
}

0 commit comments

Comments
 (0)