From: Francesco Chemolli
Date: Mon, 4 Jun 2012 11:01:11 +0000 (-0600)
Subject: Bug 3390: Proxy auth data visible to scripts
X-Git-Tag: SQUID_3_2_0_18~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce6bb1c23fc9adb69a47b537eeb635c739891348;p=thirdparty%2Fsquid.git
Bug 3390: Proxy auth data visible to scripts
---
diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index cf398e7f23..b0db44e252 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -698,16 +698,29 @@ reset:
 /* packs all the entries using supplied packer */
 void
-HttpHeader::packInto(Packer * p) const
+HttpHeader::packInto(Packer * p, bool mask_sensitive_info) const
 {
 HttpHeaderPos pos = HttpHeaderInitPos;
 const HttpHeaderEntry *e;
 assert(p);
 debugs(55, 7, "packing hdr: (" << this << ")");
 /* pack all entries one by one */
- while ((e = getEntry(&pos)))
- e->packInto(p);
-
+ while ((e = getEntry(&pos))) {
+ if (!mask_sensitive_info) {
+ e->packInto(p);
+ continue;
+ }
+ switch (e->id) {
+ case HDR_AUTHORIZATION:
+ case HDR_PROXY_AUTHORIZATION:
+ packerAppend(p, e->name.rawBuf(), e->name.size());
+ packerAppend(p, ": ** NOT DISPLAYED **\r\n", 23);
+ break;
+ default:
+ e->packInto(p);
+ break;
+ }
+ }
 /* Pack in the "special" entries */
 /* Cache-Control */
diff --git a/src/HttpHeader.h b/src/HttpHeader.h
index 999e8345a2..cf0c336a43 100644
--- a/src/HttpHeader.h
+++ b/src/HttpHeader.h
@@ -234,7 +234,7 @@ public:
 void compact();
 int reset();
 int parse(const char *header_start, const char *header_end);
- void packInto(Packer * p) const;
+ void packInto(Packer * p, bool mask_sensitive_info=false) const;
 HttpHeaderEntry *getEntry(HttpHeaderPos * pos) const;
 HttpHeaderEntry *findEntry(http_hdr_type id) const;
 int delByName(const char *name);
diff --git a/src/errorpage.cc b/src/errorpage.cc
index ef1418017d..a24169ece6 100644
--- a/src/errorpage.cc
+++ b/src/errorpage.cc
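Review bot: In the `switch (e->id)` added to `HttpHeader::packInto` (src/HttpHeader.cc), only `HDR_AUTHORIZATION` and `HDR_PROXY_AUTHORIZATION` are masked, so any other credential-bearing request header (Cookie, for example) still reaches `e->packInto(p)` through the `default` branch even when `mask_sensitive_info` is true. If the flag is meant to cover everything a page script should not be able to read back, the case list needs extending; if the scope is deliberately limited to these two headers, a comment above the switch should say so. The hard-coded length `23` matches the literal today but will silently go stale if the placeholder text is edited; `static const char masked[] = ": ** NOT DISPLAYED **\r\n";` followed by `packerAppend(p, masked, sizeof(masked) - 1);` keeps the two in step. The function body continues past the end of the hunk.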
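Review bot: The new `mask_sensitive_info` parameter on the `packInto` declaration (src/HttpHeader.h) is undocumented and defaults to `false`, so masking is opt-in and every existing caller keeps emitting credential values verbatim. That default is presumably needed by callers that serialise headers for forwarding, but it also means any other caller that renders headers for display has to be found and updated by hand; only the errorpage.cc call is changed in this commit. I would add a comment above the declaration such as `/* packs all entries; when mask_sensitive_info is true the values of Authorization and Proxy-Authorization are replaced by a placeholder - pass true whenever the output is shown to a client */`.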
@@ -991,7 +991,7 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion AnyP::ProtocolType_str[request->http_ver.protocol], request->http_ver.major, request->http_ver.minor); packerToMemInit(&pck, &mb); - request->header.packInto(&pck); + request->header.packInto(&pck, true); //hide authorization data packerClean(&pck); } else if (request_hdrs) { p = request_hdrs;
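Review bot: The `else if (request_hdrs)` branch directly after the changed call still assigns `p = request_hdrs;` with no masking, so if that buffer holds the raw client header text (its origin is not visible in this hunk) Authorization and Proxy-Authorization values would still be written into the error page on that path. Either that text should go through the same masking, or the gap should at least be recorded next to the assignment, e.g. `/* TODO: request_hdrs is not masked and may contain Authorization data */`. The trailing comment on the new line would also be more precise as `// mask Authorization and Proxy-Authorization values`. Both branches start and end outside the hunk.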