Browse code
Redact "echo" directive strings from log, since these strings (going forward) could conceivably contain security-sensitive data.
Version 2.1.7
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7480 e7ae566f-a301-0410-adde-c780ea21d3b5
James Yonan authored on 2011/07/28 10:29:12Showing 2 changed files
| ... | ... |
@@ -2408,6 +2408,11 @@ sanitize_control_message(const char *str, struct gc_arena *gc) |
| 2408 | 2408 |
cp += 7; |
| 2409 | 2409 |
redact = true; |
| 2410 | 2410 |
} |
| 2411 |
+ else if (c == 'e' && !strncmp(cp, "echo ", 5)) |
|
| 2412 |
+ {
|
|
| 2413 |
+ cp += 4; |
|
| 2414 |
+ redact = true; |
|
| 2415 |
+ } |
|
| 2411 | 2416 |
else |
| 2412 | 2417 |
{
|
| 2413 | 2418 |
if (c == ',') /* end of session id? */ |
| ... | ... |
@@ -3886,9 +3886,13 @@ add_option (struct options *options, |
| 3886 | 3886 |
} |
| 3887 | 3887 |
if (good) |
| 3888 | 3888 |
{
|
| 3889 |
+#if 0 |
|
| 3890 |
+ /* removed for now since ECHO can potentially include |
|
| 3891 |
+ security-sensitive strings */ |
|
| 3889 | 3892 |
msg (M_INFO, "%s:%s", |
| 3890 | 3893 |
pull_mode ? "ECHO-PULL" : "ECHO", |
| 3891 | 3894 |
BSTR (&string)); |
| 3895 |
+#endif |
|
| 3892 | 3896 |
#ifdef ENABLE_MANAGEMENT |
| 3893 | 3897 |
if (management) |
| 3894 | 3898 |
management_echo (management, BSTR (&string), pull_mode); |