diff options
author | James Yonan <james@openvpn.net> | 2011-07-28 01:29:12 +0000 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-08-24 13:29:11 +0200 |
commit | 429ab795202dc359f6e282a5addccf4f312317cc (patch) | |
tree | fe016cf41e15845ff073b3a28f2afbe8daee2a5f | |
parent | 20fc33707eab708dfd7e8ffcf2eea0f8362b10b3 (diff) | |
download | openvpn-429ab795202dc359f6e282a5addccf4f312317cc.tar.gz openvpn-429ab795202dc359f6e282a5addccf4f312317cc.tar.xz openvpn-429ab795202dc359f6e282a5addccf4f312317cc.zip |
Redact "echo" directive strings from log, since
these strings (going forward) could conceivably
contain security-sensitive data.
Version 2.1.7
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7480 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | misc.c | 5 | ||||
-rw-r--r-- | options.c | 4 |
2 files changed, 9 insertions, 0 deletions
@@ -2408,6 +2408,11 @@ sanitize_control_message(const char *str, struct gc_arena *gc) cp += 7; redact = true; } + else if (c == 'e' && !strncmp(cp, "echo ", 5)) + { + cp += 4; + redact = true; + } else { if (c == ',') /* end of session id? */ @@ -3886,9 +3886,13 @@ add_option (struct options *options, } if (good) { +#if 0 + /* removed for now since ECHO can potentially include + security-sensitive strings */ msg (M_INFO, "%s:%s", pull_mode ? "ECHO-PULL" : "ECHO", BSTR (&string)); +#endif #ifdef ENABLE_MANAGEMENT if (management) management_echo (management, BSTR (&string), pull_mode); |