Redact "echo" directive strings from log, since

these strings (going forward) could conceivably
contain security-sensitive data.

Version 2.1.7

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7480 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/misc.c b/misc.c
index 136e4ceee463ffd2acd8bc64410231c684720917..569c8e7dead7119d4fe470c43adb907abd1d6e2e 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -2408,6 +2408,11 @@ sanitize_control_message(const char *str, struct gc_arena *gc)
          cp += 7;
          redact = true;
        }
+      else if (c == 'e' && !strncmp(cp, "echo ", 5))
+       {
+         cp += 4;
+         redact = true;
+       }
       else
        {
          if (c == ',') /* end of session id? */

diff --git a/options.c b/options.c
index 96954756f8103af8d47773964739199375811d5d..7da1180f735d24c3853888323479908b69c4592c 100644 (file)
--- a/options.c
+++ b/options.c
@@ -3886,9 +3886,13 @@ add_option (struct options *options,
        }
       if (good)
        {
+#if 0
+         /* removed for now since ECHO can potentially include
+            security-sensitive strings */
          msg (M_INFO, "%s:%s",
               pull_mode ? "ECHO-PULL" : "ECHO",
               BSTR (&string));
+#endif
 #ifdef ENABLE_MANAGEMENT
          if (management)
            management_echo (management, BSTR (&string), pull_mode);