authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 23:31:16 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 23:31:16 +0000
commit093e7eba18610c1b154dc0282ef572626f7d34f9 (patch)
treea0e5235623b8ba641926936fed9cf59fe0074d6e
parent73b7e6988491781703859675b0c86051e79a7d9d (diff)
Previously, OpenVPN might log a client's auth-user-pass
password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--misc.c13
-rw-r--r--misc.h3
-rw-r--r--plugin.c5
3 files changed, 19 insertions, 2 deletions
diff --git a/misc.c b/misc.c
index 8f80ee1..8eff3d7 100644
--- a/misc.c
+++ b/misc.c
@@ -770,7 +770,8 @@ env_set_print (int msglevel, const struct env_set *es)
while (e)
{
- msg (msglevel, "ENV [%d] '%s'", i, e->string);
+ if (env_safe_to_print (e->string))
+ msg (msglevel, "ENV [%d] '%s'", i, e->string);
++i;
e = e->next;
}
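Review bot: A suppressed entry leaves no trace in the log: in the `while (e)` loop the `msg` call is skipped while `++i` still runs, so the reader sees only an unexplained gap in the ENV indices. An `else` branch that logs a placeholder, such as `msg (msglevel, "ENV [%d] [value not logged]", i);`, would keep the debug output complete without exposing the value. The same applies to the loop in plugin_show_string_array in the plugin.c hunk. The body of env_set_print starts outside this hunk.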
@@ -1454,6 +1455,16 @@ safe_print (const char *str, struct gc_arena *gc)
return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc);
}
+bool
+env_safe_to_print (const char *str)
+{
+#ifndef UNSAFE_DEBUG
+ if (strncmp (str, "password", 8) == 0)
+ return false;
+#endif
+ return true;
+}
+
/* Make arrays of strings */
const char **
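Review bot: The filter in env_safe_to_print is a prefix denylist with a single entry: `strncmp (str, "password", 8)` hides every string that starts with "password" and lets everything else through, so a secret carried under any other variable name would still reach the log at high verbosity. The definition has no comment; I would add one stating that `str` is expected to be a non-NULL `name=value` string, that the match is on the name prefix only, and that building with UNSAFE_DEBUG turns the filter off. The hard-coded length 8 is better derived from the literal, e.g. `static const char prefix[] = "password";` and `strncmp (str, prefix, sizeof (prefix) - 1)`.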
diff --git a/misc.h b/misc.h
index 30f6eaf..ffc7e24 100644
--- a/misc.h
+++ b/misc.h
@@ -265,6 +265,9 @@ void purge_user_pass (struct user_pass *up, const bool force);
*/
const char *safe_print (const char *str, struct gc_arena *gc);
+/* returns true if environmental variable safe to print to log */
+bool env_safe_to_print (const char *str);
+
/*
* A sleep function that services the management layer for n
* seconds rather than doing nothing.
diff --git a/plugin.c b/plugin.c
index 91d8314..3b0c435 100644
--- a/plugin.c
+++ b/plugin.c
@@ -43,7 +43,10 @@ plugin_show_string_array (int msglevel, const char *name, const char *array[])
{
int i;
for (i = 0; array[i]; ++i)
- msg (msglevel, "%s[%d] = '%s'", name, i, array[i]);
+ {
+ if (env_safe_to_print (array[i]))
+ msg (msglevel, "%s[%d] = '%s'", name, i, array[i]);
+ }
}
static void
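Review bot: plugin_show_string_array applies the environment filter to whatever array it is handed, so at `if (env_safe_to_print (array[i]))` an element of a non-environment array that happens to begin with "password" is dropped too. Which arrays callers pass is not visible in this hunk, so if this is intended a comment above the loop should say so, e.g. `/* entries beginning with "password" are never logged, whichever array this is */`.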