From: Aki Tuomi Date: Wed, 15 Mar 2017 11:29:11 +0000 (+0200) Subject: auth: Properly hide all fields with passwords X-Git-Tag: 2.3.0.rc1~1941 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c12aed4d817acd9b72d12830e1fbf6df76062e7b;p=thirdparty%2Fdovecot%2Fcore.git auth: Properly hide all fields with passwords client reply line wasn't hiding all items which contain 'pass' substring. This was inconsistent behaviour since elsewhere this was done. --- diff --git a/src/auth/auth-client-connection.c b/src/auth/auth-client-connection.c index ebcbbd666c..cfa0073f35 100644 --- a/src/auth/auth-client-connection.c +++ b/src/auth/auth-client-connection.c @@ -34,17 +34,31 @@ static struct auth_client_connection *auth_client_connections; static const char *reply_line_hide_pass(const char *line) { + string_t *newline; const char *p, *p2; - /* hide proxy reply password */ - p = strstr(line, "\tpass="); - if (p == NULL) + if (strstr(line, "pass") == NULL) return line; - p += 6; - p2 = strchr(p, '\t'); - return t_strconcat(t_strdup_until(line, p), PASSWORD_HIDDEN_STR, - p2, NULL); + newline = t_str_new(strlen(line)); + + const char *const *fields = t_strsplit(line, "\t"); + + while(*fields != NULL) { + p = strstr(*fields, "pass"); + p2 = strchr(*fields, '='); + if (p == NULL || p2 == NULL || p2 < p) { + str_append(newline, *fields); + } else { + /* include = */ + str_append_data(newline, *fields, (p2 - *fields)+1); + str_append(newline, PASSWORD_HIDDEN_STR); + } + str_append_c(newline, '\t'); + fields++; + } + + return str_c(newline); } static void auth_client_send(struct auth_client_connection *conn,