Previously, OpenVPN might log a client's auth-user-pass

password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3073 e7ae566f-a301-0410-adde-c780ea21d3b5
author: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2008-07-17 23:31:16 +0000
committer: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2008-07-17 23:31:16 +0000
commit: 093e7eba18610c1b154dc0282ef572626f7d34f9 (patch)
tree: a0e5235623b8ba641926936fed9cf59fe0074d6e /misc.c
parent: gen_path now rejects filenames that match Windows (diff)
download: openvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.tar.xz
1 files changed, 12 insertions, 1 deletions
diff --git a/misc.c b/misc.c
index 8f80ee1..8eff3d7 100644
--- a/misc.c
+++ b/misc.c
@@ -770,7 +770,8 @@ env_set_print (int msglevel, const struct env_set *es)
 
 	  while (e)
 	    {
-	      msg (msglevel, "ENV [%d] '%s'", i, e->string);
+	      if (env_safe_to_print (e->string))
+		msg (msglevel, "ENV [%d] '%s'", i, e->string);
 	      ++i;
 	      e = e->next;
 	    }
@@ -1454,6 +1455,16 @@ safe_print (const char *str, struct gc_arena *gc)
   return string_mod_const (str, CC_PRINT, CC_CRLF, '.', gc);
 }
 
+bool
+env_safe_to_print (const char *str)
+{
+#ifndef UNSAFE_DEBUG
+  if (strncmp (str, "password", 8) == 0)
+    return false;
+#endif
+  return true;
+}
+
 /* Make arrays of strings */
 
 const char **
author	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2008-07-17 23:31:16 +0000
committer	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2008-07-17 23:31:16 +0000
commit	093e7eba18610c1b154dc0282ef572626f7d34f9 (patch)
tree	a0e5235623b8ba641926936fed9cf59fe0074d6e /misc.c
parent	gen_path now rejects filenames that match Windows (diff)
download	openvpn-093e7eba18610c1b154dc0282ef572626f7d34f9.tar.xz