From 093e7eba18610c1b154dc0282ef572626f7d34f9 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Thu, 17 Jul 2008 23:31:16 +0000
Subject: Previously, OpenVPN might log a client's auth-user-pass password if
 the verbosity was set to a high debug level such as 7 or higher.  Normally
 this would only be used by developers.  Now, even at high debug levels, the
 password will not be output.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 misc.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'misc.c')

diff --git a/misc.c b/misc.c
index 8f80ee1..8eff3d7 100644
--- a/misc.c
+++ b/misc.c
@@ -770,7 +770,8 @@ env_set_print (int msglevel, const struct env_set *es)
 
 	  while (e)
 	    {
-	      msg (msglevel, "ENV [%d] '%s'", i, e->string);
+	      if (env_safe_to_print (e->string))
+		msg (msglevel, "ENV [%d] '%s'", i, e->string);
 	      ++i;
 	      e = e->next;
 	    }
@@ -1454,6 +1455,16 @@ safe_print (const char *str, struct gc_arena *gc)
   return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc);
 }
 
+bool
+env_safe_to_print (const char *str)
+{
+#ifndef UNSAFE_DEBUG
+  if (strncmp (str, "password", 8) == 0)
+    return false;
+#endif
+  return true;
+}
+
 /* Make arrays of strings */
 
 const char **
-- 
cgit