[vlc-devel] [PATCH] access/ftp: do not log sensitive information
Filip Roséen
filip at atch.se
Mon Sep 26 02:41:20 CEST 2016
PASS and ACCT are by their definition sensitive data, as such we
should not log their payload when such requests are sent.
These changes simply censors the payload, as well as the number of
bytes sent (so that the length of the payload is not leaked).
fixes #17440
---
modules/access/ftp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/access/ftp.c b/modules/access/ftp.c
index b75f1c5..59bdd31 100644
--- a/modules/access/ftp.c
+++ b/modules/access/ftp.c
@@ -177,7 +177,11 @@ static int ftp_SendCommand( vlc_object_t *obj, access_sys_t *sys,
if( unlikely(val == -1) )
return -1;
- msg_Dbg( obj, "sending request: \"%.*s\" (%d bytes)", val - 2, cmd, val );
+ if( strncmp( cmd, "PASS ", 5 ) && strncmp( cmd, "ACCT ", 5 ) )
+ msg_Dbg( obj, "sending request: \"%.*s\" (%d bytes)", val-2, cmd, val );
+ else
+ msg_Dbg( obj, "sending request: \"%.*s XXXX\" (XX bytes)", 4, cmd );
+
if( ((sys->cmd.p_tls != NULL)
? vlc_tls_Write( sys->cmd.p_tls, cmd, val )
: net_Write( obj, sys->cmd.fd, cmd, val )) != val )
--
2.10.0
More information about the vlc-devel
mailing list