From: Douglas Bagnall Date: Thu, 27 Jun 2024 03:20:27 +0000 (+1200) Subject: cmdline:burn: do not retain false memories X-Git-Tag: samba-4.19.8~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22a6e45541cf489b07bb81560d3fb700bf68673a;p=thirdparty%2Fsamba.git cmdline:burn: do not retain false memories If argv contains a secret option without an '=' (or in the case of "-U", the username is separated by space), we will get to the `if (strlen(p) == ulen) { continue; }` without resetting the found and is_user variables. This *sometimes* has the right effect, because the next string in argv ought to contain the secret. But in a case like {"--password", "1234567890"}, where the secret string is the same length as the option, we *again* take that branch and the password is not redacted, though the argument after it will be unless it is also of the same length. If we always set the flags at the start we avoid this. This makes things worse in the short term for secrets that are not the same length as their options, but we'll get to that in another commit soon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 2f6020cf3dadf484251701040e09a10fba2f644e) --- diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index aaaff446979..3e0545e7b89 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -150,6 +150,9 @@ bool samba_cmdline_burn(int argc, char *argv[]) return false; } + found = false; + is_user = false; + /* * Take care that this list must be in longest-match * first order @@ -192,8 +195,6 @@ bool samba_cmdline_burn(int argc, char *argv[]) } memset_s(p, strlen(p), '\0', strlen(p)); - found = false; - is_user = false; burnt = true; } }