Avoid exposing passwords in log, on failing ldap lookup expansion. Bug 165
authorJeremy Harris <jgh146exb@wizmail.org>
Wed, 4 May 2016 15:09:52 +0000 (16:09 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Wed, 4 May 2016 15:33:22 +0000 (16:33 +0100)
doc/doc-txt/ChangeLog
src/src/deliver.c
src/src/rewrite.c

index 272176cc8874322ff53553abbd9a5fdb3418b869..4171d61c4c70f119120d5e433fc05318ce98aa7f 100644 (file)
@@ -26,6 +26,9 @@ JH/04 Bug 1810: make continued-use of an open smtp transport connection
 JH/05 If main configuration option tls_certificate is unset, generate a
       selfsigned certificate for inbound TLS connections.
 
 JH/05 If main configuration option tls_certificate is unset, generate a
       selfsigned certificate for inbound TLS connections.
 
+JH/06 Bug 165: hide more cases of password exposure - this time in expansions
+      in rewrites.
+
 
 Exim version 4.87
 -----------------
 
 Exim version 4.87
 -----------------
index a1fb602e9d02b38d6ad83d42bb2176cae64d9fd2..c6de1b901f81ae85db9adff8e11dbdf0a1bf6e22 100644 (file)
@@ -1087,10 +1087,12 @@ if (addr->message)
        || Ustrstr(s, "redis")   != NULL
        || Ustrstr(s, "sqlite")  != NULL
        || Ustrstr(s, "ldap:")   != NULL
        || Ustrstr(s, "redis")   != NULL
        || Ustrstr(s, "sqlite")  != NULL
        || Ustrstr(s, "ldap:")   != NULL
+       || Ustrstr(s, "ldaps:")  != NULL
+       || Ustrstr(s, "ldapi:")  != NULL
        || Ustrstr(s, "ldapdn:") != NULL
        || Ustrstr(s, "ldapm:")  != NULL
      )  )
        || Ustrstr(s, "ldapdn:") != NULL
        || Ustrstr(s, "ldapm:")  != NULL
      )  )
-    addr->message = string_sprintf("Temporary internal error");
+    addr->message = US"Temporary internal error";
   }
 
 /* If we used a transport that has one of the "return_output" options set, and
   }
 
 /* If we used a transport that has one of the "return_output" options set, and
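Review bot: The lookup-type test extended here is a hand-maintained denylist — this commit itself has to bolt `ldaps:` and `ldapi:` onto an existing `ldap:` entry, and the identical list is now duplicated verbatim in rewrite.c, so the two will drift the next time a credential-carrying lookup is added. The five ldap* entries can collapse to one `|| Ustrstr(s, "ldap") != NULL`, which also covers any ldap variant not yet listed; better still, move the whole predicate into a single shared helper that both callers use, so there is one place to extend. Swapping `string_sprintf("Temporary internal error")` for the static literal `US"Temporary internal error"` is fine since the text is constant, though it presumably relies on nothing later freeing `addr->message` — worth confirming. The enclosing `if (addr->message)` block starts before the hunk.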
index ca7fb6a115c4a3d8abcfc61aff371c16d010c3ee..f2a7ff273ae859e88950a6c44f9dc34bf92590b9 100644 (file)
@@ -205,6 +205,24 @@ for (rule = rewrite_rules;
     {
     if (expand_string_forcedfail)
       { if ((rule->flags & rewrite_quit) != 0) break; else continue; }
     {
     if (expand_string_forcedfail)
       { if ((rule->flags & rewrite_quit) != 0) break; else continue; }
+
+    /* Avoid potentially exposing a password */
+
+    if (  (  Ustrstr(expand_string_message, "failed to expand") != NULL
+         || Ustrstr(expand_string_message, "expansion of ")    != NULL
+         )
+       && (  Ustrstr(expand_string_message, "mysql")   != NULL
+         || Ustrstr(expand_string_message, "pgsql")   != NULL
+         || Ustrstr(expand_string_message, "redis")   != NULL
+         || Ustrstr(expand_string_message, "sqlite")  != NULL
+         || Ustrstr(expand_string_message, "ldap:")   != NULL
+         || Ustrstr(expand_string_message, "ldaps:")  != NULL
+         || Ustrstr(expand_string_message, "ldapi:")  != NULL
+         || Ustrstr(expand_string_message, "ldapdn:") != NULL
+         || Ustrstr(expand_string_message, "ldapm:")  != NULL
+       )  )
+      expand_string_message = US"Temporary internal error";
+
     log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: "
       "%s", rule->replacement, expand_string_message);
     break;
     log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: "
       "%s", rule->replacement, expand_string_message);
     break;
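Review bot: The `log_write` at the end of the hunk still prints `rule->replacement` unsanitised, and that is the rewrite rule's unexpanded replacement text; if the administrator spelled a lookup password literally in the rule (inside a `${lookup ...}` string rather than via a variable), it reaches the main and panic logs regardless of what `expand_string_message` was replaced with. Consider running the same test over `rule->replacement`, or, when the message has been sanitised, logging only a placeholder for the rule, e.g. `log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of rewrite rule failed while rewriting: %s", expand_string_message);`. The predicate itself is a verbatim copy of the one in deliver.c; a shared helper would keep the two keyword lists from diverging. The enclosing loop over `rewrite_rules` starts before the hunk and its body continues past it.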