From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Tue, 14 Aug 2018 12:24:56 +0000 (+0300)
Subject: doveconf: Use key_ends_with to compare suffixes
X-Git-Tag: 2.3.9~1562
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=970d8291c7ab22cea01e50ffb342780b8fe2b5f0;p=thirdparty%2Fdovecot%2Fcore.git

doveconf: Use key_ends_with to compare suffixes

Fixes key hiding.

Broken in 1518e085
---

diff --git a/src/config/doveconf.c b/src/config/doveconf.c
index f4cc593035..13eb492592 100644
--- a/src/config/doveconf.c
+++ b/src/config/doveconf.c
@@ -239,6 +239,14 @@ hide_url_userpart_from_value(struct ostream *output, const char **_ptr,
 	return TRUE;
 }
 
+static inline bool key_ends_with(const char *key, const char *eptr,
+				 const char *suffix)
+{
+	/* take = into account */
+	size_t n = strlen(suffix)+1;
+	return (eptr-key > (ptrdiff_t)n && str_begins(eptr-n, suffix));
+}
+
 static bool
 hide_secrets_from_value(struct ostream *output, const char *key,
 			const char *value)
@@ -246,8 +254,8 @@ hide_secrets_from_value(struct ostream *output, const char *key,
 	bool ret = FALSE, quote = value_need_quote(value);
 	const char *ptr, *optr, *secret;
 	if (*value != '\0' &&
-	    ((value-key > 8 && str_begins(value-9, "_password")) ||
-	     (value-key > 7 && str_begins(value-8, "_api_key")) ||
+	    (key_ends_with(key, value, "_password") ||
+	     key_ends_with(key, value, "_api_key") ||
 	     str_begins(key, "ssl_key") ||
 	     str_begins(key, "ssl_dh"))) {
 		o_stream_nsend_str(output, "# hidden, use -P to show it");