From 73f5ae387ac80d87bf3813061df0d9f72c190e3a Mon Sep 17 00:00:00 2001
From: Kevin Cernekee
Date: Sun, 3 Mar 2013 18:20:51 -0800
Subject: [PATCH] http: Don't leak the webvpn cookie in XML POST mode
XML POST mode introduces a new header in the response. Squash it so that people don't inadvertently post logs containing webvpn cookies.
Signed-off-by: Kevin Cernekee
Signed-off-by: David Woodhouse
---
 cstp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cstp.c b/cstp.c
index d57d7418..48962120 100644
--- a/cstp.c
+++ b/cstp.c
@@ -310,7 +310,11 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 return -ENOMEM;
 }
- vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
+ /* This contains the whole document, including the webvpn cookie. */
+ if (!strcasecmp(buf, "X-CSTP-Post-Auth-XML"))
+ vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, _(""));
+ else
+ vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
 if (!strncmp(buf, "X-DTLS-", 7)) {
 *next_dtls_option = new_option;
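Review bot: The redaction in the added `if`/`else` is keyed on one header name at this single `vpn_progress` call, so it protects only this trace line; `new_option` is still linked into the option list just below, and if that entry holds the header value, any later dump of the options would print the cookie again. It is worth confirming that the stored value is never logged elsewhere, or withholding it before it is stored. As rendered here the replacement string is `_("")`, which leaves a trace reader unable to tell that a value was withheld, and if `_` is a gettext wrapper an empty msgid returns the catalog header rather than an empty string; a visible marker such as `_("<elided>")` would be clearer, though the literal may simply have been lost in the extraction of this page. The body of start_cstp_connection starts and ends outside the hunk.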