author | James Yonan | 2011-07-28 06:01:23 +0000 |
---|---|---|
committer | David Sommerseth | 2011-08-24 13:30:24 +0200 |
commit | a296f99b8e9a366f189bec6eac2466b76cec3e48 (patch) | |
tree | 20bda95a0a2437ddaf4186755886a958d8210a5b | |
parent | 429ab795202dc359f6e282a5addccf4f312317cc (diff) | |
Modified sanitize_control_message to remove redacted data from
control string rather than blotting it out with "_" chars.
Version 2.1.8
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7482 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | misc.c | 46 |
1 files changed, 29 insertions, 17 deletions
@@ -2387,40 +2387,52 @@ openvpn_basename (const char *path)
 }
 /*
- * Remove SESS_ID_x strings (i.e. auth tokens) from control message
- * strings so that they will not be output to log file.
+ * Remove security-sensitive strings from control message
+ * so that they will not be output to log file.
 */
 const char *
-sanitize_control_message(const char *str, struct gc_arena *gc)
+sanitize_control_message(const char *src, struct gc_arena *gc)
 {
- char *ret = gc_malloc (strlen(str)+1, false, gc);
- char *cp = ret;
+ char *ret = gc_malloc (strlen(src)+1, false, gc);
+ char *dest = ret;
 bool redact = false;
+ int skip = 0;
- strcpy(ret, str);
 for (;;) {
- const char c = *cp;
+ const char c = *src;
 if (c == '\0') break;
- if (c == 'S' && !strncmp(cp, "SESS_ID_", 8))
+ if (c == 'S' && !strncmp(src, "SESS_ID_", 8))
 {
- cp += 7;
+ skip = 7;
 redact = true;
 }
- else if (c == 'e' && !strncmp(cp, "echo ", 5))
+ else if (c == 'e' && !strncmp(src, "echo ", 5))
 {
- cp += 4;
+ skip = 4;
 redact = true;
 }
- else
+
+ if (c == ',') /* end of redacted item? */
 {
- if (c == ',') /* end of session id? */
- redact = false;
- if (redact)
- *cp = '_';
+ skip = 0;
+ redact = false;
 }
- ++cp;
+
+ if (redact)
+ {
+ if (skip > 0)
+ {
+ --skip;
+ *dest++ = c;
+ }
+ }
+ else
+ *dest++ = c;
+
+ ++src;
 }
+ *dest = '\0';
 return ret;
 } |
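Review bot: The new `skip` counter in sanitize_control_message counts the prefix characters that are still copied to `dest` (it is decremented only on the `*dest++ = c` path while `redact` is set), so its name states the opposite of what it does; `keep` or `prefix_left` with a comment such as `/* prefix bytes still to copy before the redacted value is dropped */` would read correctly. The counts are also one short of the matched literals (`skip = 7` for the 8-byte "SESS_ID_", `skip = 4` for the 5-byte "echo "), so the sanitized log shows `SESS_ID` and `echo` without their trailing separator; if the whole matched prefix is meant to survive, `skip = 8;` and `skip = 5;` are safe because strncmp has already confirmed those bytes are present. Because every byte inside a redacted item is still matched against both literals, a redacted value that itself contains "echo " or "SESS_ID_" re-arms the prefix copy and emits that literal from inside the value; guarding the two strncmp checks with `!redact` would keep the redacted span contiguous.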