author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-17 23:31:16 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-17 23:31:16 +0000 |
commit | 093e7eba18610c1b154dc0282ef572626f7d34f9 (patch) | |
tree | a0e5235623b8ba641926936fed9cf59fe0074d6e | |
parent | gen_path now rejects filenames that match Windows (diff) | |
download | openvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.tar.xz |
Previously, OpenVPN might log a client's auth-user-pass
password if the verbosity was set to a high debug level
such as 7 or higher. Normally this would only be used by
developers. Now, even at high debug levels, the password
will not be output.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | misc.c | 13 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | plugin.c | 5 |
3 files changed, 19 insertions, 2 deletions
@@ -770,7 +770,8 @@ env_set_print (int msglevel, const struct env_set *es)
 while (e)
 {
- msg (msglevel, "ENV [%d] '%s'", i, e->string);
+ if (env_safe_to_print (e->string))
+ msg (msglevel, "ENV [%d] '%s'", i, e->string);
 ++i;
 e = e->next;
 }
@@ -1454,6 +1455,16 @@ safe_print (const char *str, struct gc_arena *gc)
 return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc);
 }
+bool
+env_safe_to_print (const char *str)
+{
+#ifndef UNSAFE_DEBUG
+ if (strncmp (str, "password", 8) == 0)
+ return false;
+#endif
+ return true;
+}
+
 /* Make arrays of strings */
 const char **
@@ -265,6 +265,9 @@ void purge_user_pass (struct user_pass *up, const bool force);
 */
 const char *safe_print (const char *str, struct gc_arena *gc);
+/* returns true if environmental variable safe to print to log */
+bool env_safe_to_print (const char *str);
+
 /*
 * A sleep function that services the management layer for n
 * seconds rather than doing nothing.
@@ -43,7 +43,10 @@ plugin_show_string_array (int msglevel, const char *name, const char *array[])
 {
 int i;
 for (i = 0; array[i]; ++i)
- msg (msglevel, "%s[%d] = '%s'", name, i, array[i]);
+ {
+ if (env_safe_to_print (array[i]))
+ msg (msglevel, "%s[%d] = '%s'", name, i, array[i]);
+ }
 }
 static void
|
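Review bot: A withheld entry leaves no trace in the log in the env_set_print loop, so the ENV indexes jump and a reader of a debug log cannot tell that a variable was set but suppressed. The loop in plugin_show_string_array (last hunk) has the same gap. An else branch that records the slot without its contents would keep the log honest, for example `else msg (msglevel, "ENV [%d] [withheld]", i);`. env_set_print starts and ends outside this hunk.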
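Review bot: env_safe_to_print withholds only strings whose first eight bytes are exactly the lowercase word `password`, so a secret stored under any other name (different case, or with something before the word) is still written to the log by both callers. Whether such variables exist is not visible in this diff, so the set of names this process can place in the environment should be checked against this one prefix; a small table of withheld prefixes would make the policy explicit and easy to extend. The `UNSAFE_DEBUG` escape hatch is undocumented and would benefit from a comment such as `/* UNSAFE_DEBUG: developer-only build option; when defined, passwords are logged again */`. The function also passes `str` to strncmp unchecked, so callers must never hand it NULL.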
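Review bot: The comment added above the env_safe_to_print prototype does not say what makes an entry unsafe or what the function expects of `str`, so a later caller could assume it screens more than it does. I would spell the contract out, for example `/* Returns false when str begins with "password", so the entry is kept out of the log; true otherwise. str must not be NULL. */`. A short mention that the check is disabled when UNSAFE_DEBUG is defined belongs here too, since the header is where callers will look.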