vlc | branch: master | Filip Roséen <[email protected]> | Mon Sep 26 02:41:20 2016 +0200| [9eb3099ef9de77055191730b92eb693b2fe7ecd9] | committer: Thomas Guillem
access/ftp: do not log sensitive information PASS and ACCT are by their definition sensitive data, as such we should not log their payload when such requests are sent. These changes simply censors the payload, as well as the number of bytes sent (so that the length of the payload is not leaked). fixes #17440 Signed-off-by: Thomas Guillem <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=9eb3099ef9de77055191730b92eb693b2fe7ecd9 --- modules/access/ftp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/access/ftp.c b/modules/access/ftp.c index b75f1c5..59bdd31 100644 --- a/modules/access/ftp.c +++ b/modules/access/ftp.c @@ -177,7 +177,11 @@ static int ftp_SendCommand( vlc_object_t *obj, access_sys_t *sys, if( unlikely(val == -1) ) return -1; - msg_Dbg( obj, "sending request: \"%.*s\" (%d bytes)", val - 2, cmd, val ); + if( strncmp( cmd, "PASS ", 5 ) && strncmp( cmd, "ACCT ", 5 ) ) + msg_Dbg( obj, "sending request: \"%.*s\" (%d bytes)", val-2, cmd, val ); + else + msg_Dbg( obj, "sending request: \"%.*s XXXX\" (XX bytes)", 4, cmd ); + if( ((sys->cmd.p_tls != NULL) ? vlc_tls_Write( sys->cmd.p_tls, cmd, val ) : net_Write( obj, sys->cmd.fd, cmd, val )) != val ) _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
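Review bot: The strncmp( cmd, "PASS ", 5 ) && strncmp( cmd, "ACCT ", 5 ) test in the new if is case-sensitive and matches only the verb followed by a single space, so the censoring holds only while every caller of ftp_SendCommand formats these verbs exactly that way. FTP command verbs are case-insensitive, and a request built as "pass ..." would take the first branch and be logged in full with its byte count. Consider strncasecmp for the match, and write both comparisons with an explicit != 0 so the unmasked branch does not read as "is PASS and is ACCT". A one-line comment above the check saying why the payload and length are masked would help later readers. As a minor style point, val-2 in the added line drops the spacing used by val - 2 in the removed line.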
