mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

Telnet proxy: censor the password in the log file.

Probably should have done this a long time ago: when we write the
formatted command into the log file, we now base it on a version in
which CONF_proxy_password has been reset to "*password*", to avoid
writing the actual password (if any) into log files.
Simon Tatham 2021-11-19 15:59:27 +00:00
parent a864f7bb57
commit dbaaa9d1dd


@ -326,15 +326,21 @@ static void proxy_telnet_process_queue(ProxyNegotiator *pn)
}
/*
* Re-escape control chars in the command, for logging.
* Log the command, with some changes. Firstly, we regenerate it
* with the password masked; secondly, we escape control
* characters so that the log message is printable.
*/
conf_set_str(s->conf, CONF_proxy_password, "*password*");
{
char *censored_cmd = format_telnet_command(
pn->ps->remote_addr, pn->ps->remote_port, s->conf, NULL);
strbuf *logmsg = strbuf_new();
const char *in;
put_datapl(logmsg, PTRLEN_LITERAL("Sending Telnet proxy command: "));
for (in = s->formatted_cmd; *in; in++) {
for (in = censored_cmd; *in; in++) {
if (*in == '\n') {
put_datapl(logmsg, PTRLEN_LITERAL("\\n"));
} else if (*in == '\r') {
@ -352,6 +358,7 @@ static void proxy_telnet_process_queue(ProxyNegotiator *pn)
plug_log(pn->ps->plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg->s, 0);
strbuf_free(logmsg);
sfree(censored_cmd);
}
/*
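Review bot: The added `conf_set_str(s->conf, CONF_proxy_password, "*password*");` in the first hunk overwrites the password in `s->conf` itself, and nothing visible restores it, so any later code that formats the command from `s->conf` again would send the placeholder instead of the real password. Whether `s->conf` is a private copy that is never reused is not visible in these hunks. If it is, a comment such as `/* s->conf is our own copy and is not used to format the command again, so masking it in place is safe */` above the call would record that assumption. Otherwise, mask a temporary instead: `Conf *log_conf = conf_copy(s->conf);`, set the placeholder on `log_conf`, pass it to `format_telnet_command`, and release it with `conf_free(log_conf);` next to `sfree(censored_cmd);`. The body of proxy_telnet_process_queue starts and ends outside these hunks.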