From: Viktor Dukhovni <postfix-users@dukhovni.org>
Date: Thu, 19 Jun 2014 14:58:14 +0000 (-0400)
Subject: Sanitize non-printables in X509_NAME_oneline output
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0302f9f8ae6d6de3c042d6a339a39db6aa67de91;p=thirdparty%2Fpostfix.git

Sanitize non-printables in X509_NAME_oneline output
---

diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index 7511c95e1..5d81e5c49 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -827,10 +827,10 @@ TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext)
 	if (TLScontext->log_mask & TLS_LOG_VERBOSE) {
 	    X509_NAME_oneline(X509_get_subject_name(peer),
 			      buf, sizeof(buf));
-	    msg_info("subject=%s", buf);
+	    msg_info("subject=%s", printable(buf, '?'));
 	    X509_NAME_oneline(X509_get_issuer_name(peer),
 			      buf, sizeof(buf));
-	    msg_info("issuer=%s", buf);
+	    msg_info("issuer=%s", printable(buf, '?'));
 	}
 	TLScontext->peer_CN = tls_peer_CN(peer, TLScontext);
 	TLScontext->issuer_CN = tls_issuer_CN(peer, TLScontext);