]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 22a6e45)
cmdline:burn: handle arguments separated from their --options
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 27 Jun 2024 03:40:16 +0000 (15:40 +1200)
committerJule Anger <janger@samba.org>
Tue, 23 Jul 2024 07:32:13 +0000 (07:32 +0000)
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 53a1184525279741e116350a9b53da15cb2f41d0)

lib/cmdline/cmdline.c patch | blob | blame | history
selftest/knownfail.d/cmdline [deleted file] patch | blob | blame | history

diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 3e0545e7b898f098b7c798f6e8a288f55ec90740..48801be2606c0336bec4cc2da231f578d3132cdc 100644 (file)
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -180,7 +180,32 @@ bool samba_cmdline_burn(int argc, char *argv[])
                        char *q = NULL;
 
                        if (strlen(p) == ulen) {
-                               continue;
+                               /*
+                                * The option string has no '=', so
+                                * its argument will come in the NEXT
+                                * argv member. If there is one, we
+                                * can just step forward and take it,
+                                * setting ulen to 0.
+                                *
+                                * {"--password=secret"}    --> {"--password"}
+                                * {"--password", "secret"} --> {"--password", ""}
+                                * {"-Uadmin%secret"}       --> {"-Uadmin"}
+                                * {"-U", "admin%secret"}   --> {"-U", "admin"}
+                                */
+                               i++;
+                               if (i == argc) {
+                                       /*
+                                        * this looks like an invalid
+                                        * command line, but that's
+                                        * for the caller to decide.
+                                        */
+                                       return burnt;
+                               }
+                               p = argv[i];
+                               if (p == NULL) {
+                                       return false;
+                               }
+                               ulen = 0;
                        }
 
                        if (is_user) {
diff --git a/selftest/knownfail.d/cmdline b/selftest/knownfail.d/cmdline
deleted file mode 100644 (file)
index c9e4a86..0000000
--- a/selftest/knownfail.d/cmdline
+++ /dev/null
@@ -1 +0,0 @@
-^samba.unittests.cmdline.torture_cmdline_burn.none.$
Mirror of https://github.com/samba-team/samba.git