projects / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Avoid exposing passwords in log, on failing ldap lookup expansion. Bug 165
[exim.git] / src / src / expand.c
diff --git a/src/src/expand.c b/src/src/expand.c
index fbbc56316356329f86ec99a2eab68c97c9f799f3..f783682b4af0b1b0dacf3dc72ffd0603f4dca402 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -7631,6 +7631,29 @@ return OK;
 
 
 
+/* Avoid potentially exposing a password in a string about to be logged */
+
+uschar *
+expand_hide_passwords(uschar * s)
+{
+return (  (  Ustrstr(s, "failed to expand") != NULL
+         || Ustrstr(s, "expansion of ")    != NULL
+         ) 
+       && (  Ustrstr(s, "mysql")   != NULL
+         || Ustrstr(s, "pgsql")   != NULL
+         || Ustrstr(s, "redis")   != NULL
+         || Ustrstr(s, "sqlite")  != NULL
+         || Ustrstr(s, "ldap:")   != NULL
+         || Ustrstr(s, "ldaps:")  != NULL
+         || Ustrstr(s, "ldapi:")  != NULL
+         || Ustrstr(s, "ldapdn:") != NULL
+         || Ustrstr(s, "ldapm:")  != NULL
+       )  ) 
+  ? US"Temporary internal error" : s;
+}
+
+
+
 
 /*************************************************
 **************************************************
Unnamed repository; edit this file 'description' to name the repository.