[vlc-commits] lua intf: don't print passwords in the logs

Pierre Ynard git at videolan.org
Thu Feb 17 22:13:36 CET 2011


vlc/vlc-1.1 | branch: master | Pierre Ynard <linkfanel at yahoo.fr> | Thu Feb 17 18:43:29 2011 +0100| [0aae22e9b410519dd43ad995a6cb7cbf04ac3093] | committer: Pierre Ynard

lua intf: don't print passwords in the logs

This is evil!
(cherry picked from commit 6857923a03d769295dd98135ea6d35dbbaec925f)

Signed-off-by: Pierre Ynard <linkfanel at yahoo.fr>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.1.git/?a=commit;h=0aae22e9b410519dd43ad995a6cb7cbf04ac3093
---

 modules/misc/lua/intf.c |   60 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 59 insertions(+), 1 deletions(-)

diff --git a/modules/misc/lua/intf.c b/modules/misc/lua/intf.c
index fc1833f..5efe761 100644
--- a/modules/misc/lua/intf.c
+++ b/modules/misc/lua/intf.c
@@ -128,6 +128,58 @@ static char *GetModuleName( intf_thread_t *p_intf )
     return var_CreateGetString( p_intf, "lua-intf" );
 }
 
+static char *StripPasswords( const char *psz_config )
+{
+    unsigned n = 0;
+    const char *p = psz_config;
+    while ((p = strstr(p, "password=")) != NULL)
+    {
+        n++;
+        p++;
+    }
+    if (n == 0)
+        return strdup(psz_config);
+ 
+    char *psz_log = malloc(strlen(psz_config) + n * strlen("******") + 1);
+    if (psz_log == NULL)
+        return NULL;
+    psz_log[0] = '\0';
+
+    for (p = psz_config; ; )
+    {
+        const char *pwd = strstr(p, "password=");
+        if (pwd == NULL)
+        {
+            /* Copy the last, ending bit */
+            strcat(psz_log, p);
+            break;
+        }
+        pwd += strlen("password=");
+
+        char delim[3] = ",}";
+        if (*pwd == '\'' || *pwd == '"')
+        {
+            delim[0] = *pwd++;
+            delim[1] = '\0';
+        }
+
+        strncat(psz_log, p, pwd - p);
+        strcat(psz_log, "******");
+
+        /* Advance to the delimiter at the end of the password */
+        p = pwd - 1;
+        do
+        {
+            p = strpbrk(p + 1, delim);
+            if (p == NULL)
+                /* Oops, unbalanced quotes or brackets */
+                return psz_log;
+        }
+        while (*(p - 1) == '\\');
+    }
+    return psz_log;
+}
+
 static const luaL_Reg p_reg[] = { { NULL, NULL } };
 
 int Open_LuaIntf( vlc_object_t *p_this )
@@ -306,7 +358,13 @@ int Open_LuaIntf( vlc_object_t *p_this )
         char *psz_buffer;
         if( asprintf( &psz_buffer, "config={%s}", psz_config ) != -1 )
         {
-            msg_Dbg( p_intf, "Setting config variable: %s", psz_buffer );
+            char *psz_log = StripPasswords( psz_buffer );
+            if( psz_log != NULL )
+            {
+                msg_Dbg( p_intf, "Setting config variable: %s", psz_log );
+                free( psz_log );
+            }
+
             if( luaL_dostring( L, psz_buffer ) == 1 )
                 msg_Err( p_intf, "Error while parsing \"lua-config\"." );
             free( psz_buffer );



More information about the vlc-commits mailing list