From: James Yonan <james@openvpn.net>
Date: Thu, 28 Jul 2011 01:29:12 +0000 (+0000)
Subject: Redact "echo" directive strings from log, since
X-Git-Tag: v2.3-alpha1~210
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=429ab795202dc359f6e282a5addccf4f312317cc;p=thirdparty%2Fopenvpn.git

Redact "echo" directive strings from log, since
these strings (going forward) could conceivably
contain security-sensitive data.

Version 2.1.7

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7480 e7ae566f-a301-0410-adde-c780ea21d3b5
---

diff --git a/misc.c b/misc.c
index 136e4ceee..569c8e7de 100644
--- a/misc.c
+++ b/misc.c
@@ -2408,6 +2408,11 @@ sanitize_control_message(const char *str, struct gc_arena *gc)
 	  cp += 7;
 	  redact = true;
 	}
+      else if (c == 'e' && !strncmp(cp, "echo ", 5))
+	{
+	  cp += 4;
+	  redact = true;
+	}
       else
 	{
 	  if (c == ',') /* end of session id? */
diff --git a/options.c b/options.c
index 96954756f..7da1180f7 100644
--- a/options.c
+++ b/options.c
@@ -3886,9 +3886,13 @@ add_option (struct options *options,
 	}
       if (good)
 	{
+#if 0
+	  /* removed for now since ECHO can potentially include
+	     security-sensitive strings */
 	  msg (M_INFO, "%s:%s",
 	       pull_mode ? "ECHO-PULL" : "ECHO",
 	       BSTR (&string));
+#endif
 #ifdef ENABLE_MANAGEMENT
 	  if (management)
 	    management_echo (management, BSTR (&string), pull_mode);