From: Nick Porter <nick@portercomputing.co.uk>
Date: Wed, 26 Jul 2023 12:33:48 +0000 (+0100)
Subject: Use fr_value_box_contains_secret when securely printing lists
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=deda396b14b40c46d3209ef67e806451a2f65ebf;p=thirdparty%2Ffreeradius-server.git

Use fr_value_box_contains_secret when securely printing lists

Lists can contain groups and the secret could be a child of a group
---

diff --git a/src/lib/util/value.c b/src/lib/util/value.c
index 5c37e04be8b..8ff187ea9f7 100644
--- a/src/lib/util/value.c
+++ b/src/lib/util/value.c
@@ -5778,7 +5778,7 @@ char *fr_value_box_list_aprint_secure(TALLOC_CTX *ctx, fr_value_box_list_t const
 
 	if (!vb) return NULL;
 
-	if (unlikely (vb->secret)) {
+	if (unlikely (fr_value_box_contains_secret(vb))) {
 		aggr = talloc_typed_strdup(ctx, "<<< secret >>>");
 	} else {
 		fr_value_box_aprint(ctx, &aggr, vb, e_rules);
@@ -5796,7 +5796,7 @@ char *fr_value_box_list_aprint_secure(TALLOC_CTX *ctx, fr_value_box_list_t const
 	while ((vb = fr_value_box_list_next(list, vb))) {
 		char *str, *new_aggr;
 
-		if (unlikely (vb->secret)) {
+		if (unlikely (fr_value_box_contains_secret(vb))) {
 			str = talloc_typed_strdup(pool, "<<< secret >>>");
 		} else {
 			fr_value_box_aprint(pool, &str, vb, e_rules);