diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-17 23:31:16 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-17 23:31:16 +0000 |
| commit | 093e7eba18610c1b154dc0282ef572626f7d34f9 (patch) | |
| tree | a0e5235623b8ba641926936fed9cf59fe0074d6e /misc.c | |
| parent | 73b7e6988491781703859675b0c86051e79a7d9d (diff) | |
| download | openvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.tar.gz openvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.tar.xz openvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.zip | |
Previously, OpenVPN might log a client's auth-user-pass
password if the verbosity was set to a high debug level
such as 7 or higher. Normally this would only be used by
developers. Now, even at high debug levels, the password
will not be output.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'misc.c')
| -rw-r--r-- | misc.c | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -770,7 +770,8 @@ env_set_print (int msglevel, const struct env_set *es) while (e) { - msg (msglevel, "ENV [%d] '%s'", i, e->string); + if (env_safe_to_print (e->string)) + msg (msglevel, "ENV [%d] '%s'", i, e->string); ++i; e = e->next; } @@ -1454,6 +1455,16 @@ safe_print (const char *str, struct gc_arena *gc) return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc); } +bool +env_safe_to_print (const char *str) +{ +#ifndef UNSAFE_DEBUG + if (strncmp (str, "password", 8) == 0) + return false; +#endif + return true; +} + /* Make arrays of strings */ const char ** |