changeset 21742:0347ed67254e

auth: Properly hide all fields with passwords client reply line wasn't hiding all items which contain 'pass' substring. This was inconsistent behaviour since elsewhere this was done.
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Wed, 15 Mar 2017 13:29:11 +0200
parents ad2aa897a8d7
children 6f75b9de84e1
files src/auth/auth-client-connection.c
diffstat 1 files changed, 21 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/src/auth/auth-client-connection.c	Wed Mar 15 18:20:31 2017 +0200
+++ b/src/auth/auth-client-connection.c	Wed Mar 15 13:29:11 2017 +0200
@@ -34,17 +34,31 @@
 
 static const char *reply_line_hide_pass(const char *line)
 {
+	string_t *newline;
 	const char *p, *p2;
 
-	/* hide proxy reply password */
-	p = strstr(line, "\tpass=");
-	if (p == NULL)
+	if (strstr(line, "pass") == NULL)
 		return line;
-	p += 6;
+
+	newline = t_str_new(strlen(line));
+
+	const char *const *fields = t_strsplit(line, "\t");
 
-	p2 = strchr(p, '\t');
-	return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR,
-			   p2, NULL);
+	while(*fields != NULL) {
+		p = strstr(*fields, "pass");
+		p2 = strchr(*fields, '=');
+		if (p == NULL || p2 == NULL || p2 < p) {
+			str_append(newline, *fields);
+		} else {
+			/* include = */
+			str_append_data(newline, *fields, (p2 - *fields)+1);
+			str_append(newline, PASSWORD_HIDDEN_STR);
+		}
+		str_append_c(newline, '\t');
+		fields++;
+	}
+
+	return str_c(newline);
 }
 
 static void auth_client_send(struct auth_client_connection *conn,