From 5a5e4b097d012b91f021aa1e6fdec19eda03de0d Mon Sep 17 00:00:00 2001
From: Francesco Chemolli
Date: Tue, 5 Jun 2012 02:22:47 -0600
Subject: [PATCH] Bug 3390: Proxy auth data visible to scripts

---
 src/HttpHeader.cc | 21 +++++++++++++++++----
 src/HttpHeader.h | 2 +-
 src/errorpage.cc | 2 +-
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 90480976bd..89af6c390b 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -663,16 +663,29 @@ reset:
 /* packs all the entries using supplied packer */
 void
-HttpHeader::packInto(Packer * p) const
+HttpHeader::packInto(Packer * p, bool mask_sensitive_info) const
 {
 HttpHeaderPos pos = HttpHeaderInitPos;
 const HttpHeaderEntry *e;
 assert(p);
 debugs(55, 7, "packing hdr: (" << this << ")");
 /* pack all entries one by one */
- while ((e = getEntry(&pos)))
- e->packInto(p);
-
+ while ((e = getEntry(&pos))) {
+ if (!mask_sensitive_info) {
+ e->packInto(p);
+ continue;
+ }
+ switch (e->id) {
+ case HDR_AUTHORIZATION:
+ case HDR_PROXY_AUTHORIZATION:
+ packerAppend(p, e->name.rawBuf(), e->name.size());
+ packerAppend(p, ": ** NOT DISPLAYED **\r\n", 23);
+ break;
+ default:
+ e->packInto(p);
+ break;
+ }
+ }
 /* Pack in the "special" entries */
 /* Cache-Control */
diff --git a/src/HttpHeader.h b/src/HttpHeader.h
index c734bb1628..aa5db817c0 100644
--- a/src/HttpHeader.h
+++ b/src/HttpHeader.h
@@ -215,7 +215,7 @@ public:
 void compact();
 int reset();
 int parse(const char *header_start, const char *header_end);
- void packInto(Packer * p) const;
+ void packInto(Packer * p, bool mask_sensitive_info=false) const;
 HttpHeaderEntry *getEntry(HttpHeaderPos * pos) const;
 HttpHeaderEntry *findEntry(http_hdr_type id) const;
 int delByName(const char *name);
diff --git a/src/errorpage.cc b/src/errorpage.cc
index ddc0772263..f82ede6e7a 100644
--- a/src/errorpage.cc
+++ b/src/errorpage.cc
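Review bot: In `HttpHeader::packInto` (src/HttpHeader.cc), the masking `switch` matches only `HDR_AUTHORIZATION` and `HDR_PROXY_AUTHORIZATION`, so any other credential-bearing request header, such as `Cookie` or a custom token header that parses to a generic id, is still packed verbatim when `mask_sensitive_info` is true. If the goal is to keep request secrets away from scripts on the generated page, consider adding a case for the Cookie header id, and at minimum state the limit in a comment such as `/* only Authorization and Proxy-Authorization are masked; every other header is emitted verbatim */`. The hand-counted length `23` matches the literal today but will truncate or over-read if the text is ever edited; `static const char masked[] = ": ** NOT DISPLAYED **\r\n";` followed by `packerAppend(p, masked, sizeof(masked) - 1);` removes the magic number. The function body continues past the end of the hunk.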
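Review bot: The new `mask_sensitive_info=false` default on the `packInto` declaration in src/HttpHeader.h is undocumented and fails open: every existing caller, and any future caller that renders headers into client-visible output, keeps emitting credentials unless it remembers to pass `true`. The default presumably has to stay `false` for callers that pack headers for forwarding, so the contract should be written at the declaration, for example `/// \param mask_sensitive_info replace Authorization and Proxy-Authorization values with a placeholder; pass true whenever the packed text is shown to a client or logged`. A bare `true` at the call site is also hard to read, which is why the errorpage.cc change needs a trailing comment; a named constant or small enum would make the intent visible without one.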
@@ -777,7 +777,7 @@ ErrorState::Convert(char token, bool allowRecursion)
 SQUIDSTRINGPRINT(urlpath_or_slash), request->http_ver.major, request->http_ver.minor);
 packerToMemInit(&pck, &mb);
- request->header.packInto(&pck);
+ request->header.packInto(&pck, true); //hide authorization data
 packerClean(&pck);
 } else if (request_hdrs) {
 p = request_hdrs;
--
2.47.2
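Review bot: The `else if (request_hdrs)` branch at the end of this hunk still assigns the stored header text to `p` unchanged, so if `request_hdrs` holds the raw client request headers, Authorization and Proxy-Authorization values would reach the error page whenever `request` is null. That path needs either the same masking or an explicit marker such as `/* NOTE: request_hdrs is emitted unmasked; may contain Authorization data */` so the gap is not mistaken for covered. The diffstat shows only this one line changing in errorpage.cc, so any other `packInto` call that feeds client-visible or mailed output keeps the unmasked default and is worth auditing. `ErrorState::Convert` starts and ends outside the hunk, so the surrounding token handling is not visible here.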