aboutsummaryrefslogtreecommitdiff
path: root/misc.c
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 23:31:16 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 23:31:16 +0000
commit093e7eba18610c1b154dc0282ef572626f7d34f9 (patch)
treea0e5235623b8ba641926936fed9cf59fe0074d6e /misc.c
parentgen_path now rejects filenames that match Windows (diff)
downloadopenvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.tar.xz
Previously, OpenVPN might log a client's auth-user-pass
password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--misc.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/misc.c b/misc.c
index 8f80ee1..8eff3d7 100644
--- a/misc.c
+++ b/misc.c
@@ -770,7 +770,8 @@ env_set_print (int msglevel, const struct env_set *es)
while (e)
{
- msg (msglevel, "ENV [%d] '%s'", i, e->string);
+ if (env_safe_to_print (e->string))
+ msg (msglevel, "ENV [%d] '%s'", i, e->string);
++i;
e = e->next;
}
@@ -1454,6 +1455,16 @@ safe_print (const char *str, struct gc_arena *gc)
return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc);
}
+bool
+env_safe_to_print (const char *str)
+{
+#ifndef UNSAFE_DEBUG
+ if (strncmp (str, "password", 8) == 0)
+ return false;
+#endif
+ return true;
+}
+
/* Make arrays of strings */
const char **