Commit 73f5ae38 authored by Kevin Cernekee, committed by David Woodhouse

http: Don't leak the webvpn cookie in XML POST mode

XML POST mode introduces a new header in the <auth> response.  Squash it
so that people don't inadvertently post logs containing webvpn cookies.
Signed-off-by: Kevin Cernekee <>
Signed-off-by: David Woodhouse <>
parent 82237a97
......@@ -310,7 +310,11 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
return -ENOMEM;
vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
/* This contains the whole document, including the webvpn cookie. */
if (!strcasecmp(buf, "X-CSTP-Post-Auth-XML"))
vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, _("<elided>"));
vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
if (!strncmp(buf, "X-DTLS-", 7)) {
*next_dtls_option = new_option;
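Review bot: As rendered here, there is no else between the "<elided>" trace and the following vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon) call, so for X-CSTP-Post-Auth-XML the full header value, webvpn cookie included, would still be written to the trace log on the next line. The hunk header (310,7 to 310,11) implies one more added line than is visible, so please confirm that the second call sits in an else branch and that the vpn_progress call above the comment is the removed line rather than context; if either one runs unconditionally, the cookie still leaks. Separately, the check matches a single header name, so any other response header that carries the cookie is still logged verbatim at PRG_TRACE. A brief comment listing which headers are known to contain session secrets would make that easier to audit later.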