1. Patchew
  2. linux
  3. View series

[PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds

Thorsten Blum posted 1 patch 1 month, 1 week ago 
fs/smb/client/connect.c | 1 -
1 file changed, 1 deletion(-)
[PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds
Posted by Thorsten Blum 1 month, 1 week ago 
When debug logging is enabled, cifs_set_cifscreds() logs the key
payload and exposes the plaintext username and password. Remove the
debug log to avoid exposing credentials.

Fixes: 8a8798a5ff90 ("cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 fs/smb/client/connect.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 33dfe116ca52..038f87062419 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -2236,7 +2236,6 @@ cifs_set_cifscreds(struct smb3_fs_context *ctx, struct cifs_ses *ses)
 	/* find first : in payload */
 	payload = upayload->data;
 	delim = strnchr(payload, upayload->datalen, ':');
-	cifs_dbg(FYI, "payload=%s\n", payload);
 	if (!delim) {
 		cifs_dbg(FYI, "Unable to find ':' in payload (datalen=%d)\n",
 			 upayload->datalen);
-- 
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4
Re: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds
Posted by Paulo Alcantara 1 month, 1 week ago 
Thorsten Blum <thorsten.blum@linux.dev> writes:

> When debug logging is enabled, cifs_set_cifscreds() logs the key
> payload and exposes the plaintext username and password. Remove the
> debug log to avoid exposing credentials.
>
> Fixes: 8a8798a5ff90 ("cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts")
> Cc: stable@vger.kernel.org
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
>  fs/smb/client/connect.c | 1 -
>  1 file changed, 1 deletion(-)

Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Re: [PATCH] smb: client: Don't log plaintext credentials in cifs_set_cifscreds
Posted by Steve French 1 month, 1 week ago 
Added to cifs-2.6.git for-next pending additional testing (also added
the Acked-by)

On Thu, Feb 26, 2026 at 3:41 PM Paulo Alcantara <pc@manguebit.org> wrote:
>
> Thorsten Blum <thorsten.blum@linux.dev> writes:
>
> > When debug logging is enabled, cifs_set_cifscreds() logs the key
> > payload and exposes the plaintext username and password. Remove the
> > debug log to avoid exposing credentials.
> >
> > Fixes: 8a8798a5ff90 ("cifs: fetch credentials out of keyring for non-krb5 auth multiuser mounts")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > ---
> >  fs/smb/client/connect.c | 1 -
> >  1 file changed, 1 deletion(-)
>
> Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>



-- 
Thanks,

Steve

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.