Mercurial > dovecot > core-2.2
changeset 21742:0347ed67254e
auth: Properly hide all fields with passwords
client reply line wasn't hiding all items
which contain 'pass' substring. This was
inconsistent behaviour since elsewhere this was done.
| author | Aki Tuomi <aki.tuomi@dovecot.fi> |
|---|---|
| date | Wed, 15 Mar 2017 13:29:11 +0200 |
| parents | ad2aa897a8d7 |
| children | 6f75b9de84e1 |
| files | src/auth/auth-client-connection.c |
| diffstat | 1 files changed, 21 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-client-connection.c Wed Mar 15 18:20:31 2017 +0200 +++ b/src/auth/auth-client-connection.c Wed Mar 15 13:29:11 2017 +0200 @@ -34,17 +34,31 @@ static const char *reply_line_hide_pass(const char *line) { + string_t *newline; const char *p, *p2; - /* hide proxy reply password */ - p = strstr(line, "\tpass="); - if (p == NULL) + if (strstr(line, "pass") == NULL) return line; - p += 6; + + newline = t_str_new(strlen(line)); + + const char *const *fields = t_strsplit(line, "\t"); - p2 = strchr(p, '\t'); - return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR, - p2, NULL); + while(*fields != NULL) { + p = strstr(*fields, "pass"); + p2 = strchr(*fields, '='); + if (p == NULL || p2 == NULL || p2 < p) { + str_append(newline, *fields); + } else { + /* include = */ + str_append_data(newline, *fields, (p2 - *fields)+1); + str_append(newline, PASSWORD_HIDDEN_STR); + } + str_append_c(newline, '\t'); + fields++; + } + + return str_c(newline); } static void auth_client_send(struct auth_client_connection *conn,