From 49c2d5ea04847f8f7f1344bfd73582e9a0d3b564 Mon Sep 17 00:00:00 2001
From: Philip Hazel
Date: Tue, 22 Mar 2005 14:50:10 +0000
Subject: [PATCH] Attempt to flatten LDAP passwords in address' error messages (after expansion failure) so they don't get published.
---
 doc/doc-txt/ChangeLog | 7 ++++++-
 src/src/deliver.c | 24 +++++++++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f366edf2c..812409849 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.94 2005/03/22 14:11:54 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.95 2005/03/22 14:50:10 ph10 Exp $
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -61,6 +61,11 @@ PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony
 PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an
 "unknown" error; now it says that the functionality isn't in the binary.
+PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in
+ an address' error message when a string expansion fails (syntax or
+ whatever). Otherwise not only does the password appear in the log, it may
+ also be put in a bounce message.
+
 A note about Exim versions 4.44 and 4.50
 ----------------------------------------
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 7dc460ce7..7dbb94fc6 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/deliver.c,v 1.8 2005/03/15 12:27:54 ph10 Exp $ */
+/* $Cambridge: exim/src/src/deliver.c,v 1.9 2005/03/22 14:50:10 ph10 Exp $ */
 /*************************************************
 * Exim - an Internet mail transport agent *
@@ -729,9 +729,27 @@ else if (driver_type == DTYPE_ROUTER)
 /* If there's an error message set, ensure that it contains only printing
 characters - it should, but occasionally things slip in and this at least
-stops the log format from getting wrecked. */
+stops the log format from getting wrecked. We also scan the message for an LDAP
+expansion item that has a password setting, and flatten the password. This is a
+fudge, but I don't know a cleaner way of doing this. (If the item is badly
+malformed, it won't ever have gone near LDAP.) */
-if (addr->message != NULL) addr->message = string_printing(addr->message);
+if (addr->message != NULL)
+ {
+ addr->message = string_printing(addr->message);
+ if (Ustrstr(addr->message, "failed to expand") != NULL &&
+ (Ustrstr(addr->message, "ldap:") != NULL ||
+ Ustrstr(addr->message, "ldapdn:") != NULL ||
+ Ustrstr(addr->message, "ldapm:") != NULL))
+ {
+ uschar *p = Ustrstr(addr->message, "pass=");
+ if (p != NULL)
+ {
+ p += 5;
+ while (*p != 0 && !isspace(*p)) *p++ = 'x';
+ }
+ }
+ }
 /* If we used a transport that has one of the "return_output" options set, and
 if it did in fact generate some output, then for return_output we treat the
--
2.25.1
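Review bot: The masking loop `while (*p != 0 && !isspace(*p)) *p++ = 'x';` stops at the first white space and runs only for the first `pass=` that `Ustrstr` finds, so a double-quoted password containing spaces (which I believe the LDAP lookup syntax permits — worth confirming) is only partly overwritten, and a message that quotes more than one LDAP query keeps every password after the first. Since the whole point of the change is to keep the secret out of the log and out of the bounce, a partial mask still publishes it. Iterating over every `pass=` and, when the value opens with a quote, masking up to the closing quote closes both gaps without widening the "failed to expand" trigger the comment already describes as a fudge. The routine enclosing this block begins and ends outside the hunk.
```c
/* … unchanged: string_printing call and the "failed to expand" / ldap: test … */
    uschar *p = addr->message;
    /* Mask every pass= value, not only the first; a double-quoted value runs
    to the closing quote, otherwise to the next white space. */
    while ((p = Ustrstr(p, "pass=")) != NULL)
      {
      p += 5;
      if (*p == '"')
        for (p++; *p != 0 && *p != '"'; p++) *p = 'x';
      else
        while (*p != 0 && !isspace(*p)) *p++ = 'x';
      }
```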