http: Don't leak the webvpn cookie in XML POST mode
XML POST mode introduces a new header in the <auth> response.  Squash it
so that people don't inadvertently post logs containing webvpn cookies.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
cernekee authored and David Woodhouse committed Mar 4, 2013
1 parent 82237a9 commit 73f5ae3
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion cstp.c
Expand Up @@ -310,7 +310,11 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
return -ENOMEM;
}

vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
/* This contains the whole document, including the webvpn cookie. */
if (!strcasecmp(buf, "X-CSTP-Post-Auth-XML"))
vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, _("<elided>"));
else
vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);

if (!strncmp(buf, "X-DTLS-", 7)) {
*next_dtls_option = new_option;
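
Review bot: The `else` branch after the `strcasecmp(buf, "X-CSTP-Post-Auth-XML")` check still traces every other header value verbatim, so this is a single-name denylist, and any other response header that can carry the webvpn cookie would need the same treatment. Consider keeping the sensitive header names in a small table checked in one place, so a new name is a one-line addition. The two `vpn_progress()` calls also differ only in their last argument. Choosing the value first and making one call, for example `vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, sensitive ? _("<elided>") : colon);`, keeps the format string in a single place. Lastly, the comment says what the header contains but not why it is hidden. The reason in the commit message, that users post these logs publicly, would be worth repeating there.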