Modified sanitize_control_message to remove redacted data from
control string rather than blotting it out with "_" chars. Version 2.1.8 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7482 e7ae566f-a301-0410-adde-c780ea21d3b5
parent
429ab79520
commit
a296f99b8e
48
misc.c
48
misc.c
@ -2387,40 +2387,52 @@ openvpn_basename (const char *path)
|
||||
}
|
||||
|
||||
/*
|
||||
* Remove SESS_ID_x strings (i.e. auth tokens) from control message
|
||||
* strings so that they will not be output to log file.
|
||||
* Remove security-sensitive strings from control message
|
||||
* so that they will not be output to log file.
|
||||
*/
|
||||
const char *
|
||||
sanitize_control_message(const char *str, struct gc_arena *gc)
|
||||
sanitize_control_message(const char *src, struct gc_arena *gc)
|
||||
{
|
||||
char *ret = gc_malloc (strlen(str)+1, false, gc);
|
||||
char *cp = ret;
|
||||
char *ret = gc_malloc (strlen(src)+1, false, gc);
|
||||
char *dest = ret;
|
||||
bool redact = false;
|
||||
int skip = 0;
|
||||
|
||||
strcpy(ret, str);
|
||||
for (;;)
|
||||
{
|
||||
const char c = *cp;
|
||||
const char c = *src;
|
||||
if (c == '\0')
|
||||
break;
|
||||
if (c == 'S' && !strncmp(cp, "SESS_ID_", 8))
|
||||
if (c == 'S' && !strncmp(src, "SESS_ID_", 8))
|
||||
{
|
||||
cp += 7;
|
||||
skip = 7;
|
||||
redact = true;
|
||||
}
|
||||
else if (c == 'e' && !strncmp(cp, "echo ", 5))
|
||||
else if (c == 'e' && !strncmp(src, "echo ", 5))
|
||||
{
|
||||
cp += 4;
|
||||
skip = 4;
|
||||
redact = true;
|
||||
}
|
||||
|
||||
if (c == ',') /* end of redacted item? */
|
||||
{
|
||||
skip = 0;
|
||||
redact = false;
|
||||
}
|
||||
|
||||
if (redact)
|
||||
{
|
||||
if (skip > 0)
|
||||
{
|
||||
--skip;
|
||||
*dest++ = c;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (c == ',') /* end of session id? */
|
||||
redact = false;
|
||||
if (redact)
|
||||
*cp = '_';
|
||||
}
|
||||
++cp;
|
||||
*dest++ = c;
|
||||
|
||||
++src;
|
||||
}
|
||||
*dest = '\0';
|
||||
return ret;
|
||||
}
|
||||
|
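Review bot: The rewritten header comment on sanitize_control_message no longer says what is removed or where removal stops, and the loop's rules are not obvious from the code: a match on `SESS_ID_` or `echo ` copies only the first 7 or 4 characters of the marker (so the trailing `_` or space is dropped as well) and then discards everything up to the next `,`. I would state that in the comment, for example `* Drops the text following "SESS_ID_" and "echo " up to the next ','; only "SESS_ID" / "echo" remain in the returned gc-allocated copy.` Because `redact` is cleared unconditionally on the first comma, it is worth confirming that a redacted value can never contain a comma itself, otherwise its tail would still be copied into the logged string. The result also carries no marker that text was removed, so a sanitized line cannot be told apart from one with an empty value when logs are read later.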