Avoid exposing passwords in log, on failing ldap lookup expansion. Bug 165

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4171d61c4c70f119120d5e433fc05318ce98aa7f..3bf6fc9080adee7596ce19e75d1085e758619d68 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -27,7 +27,7 @@ JH/05 If main configuration option tls_certificate is unset, generate a
       selfsigned certificate for inbound TLS connections.
 
 JH/06 Bug 165: hide more cases of password exposure - this time in expansions
       selfsigned certificate for inbound TLS connections.
 
 JH/06 Bug 165: hide more cases of password exposure - this time in expansions

-      in rewrites.
+      in rewrites and routers.

 
 
 Exim version 4.87
 
 
 Exim version 4.87

diff --git a/src/src/deliver.c b/src/src/deliver.c
index c6de1b901f81ae85db9adff8e11dbdf0a1bf6e22..743fc83e81d8ea3a97b79774614c1155516a67c3 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1076,23 +1076,9 @@ malformed, it won't ever have gone near LDAP.) */
 if (addr->message)
   {
   const uschar * s = string_printing(addr->message);
 if (addr->message)
   {
   const uschar * s = string_printing(addr->message);

-  if (s != addr->message)
-    addr->message = US s;
-    /* deconst cast ok as string_printing known to have alloc'n'copied */
-  if (  (  Ustrstr(s, "failed to expand") != NULL
-       || Ustrstr(s, "expansion of ")    != NULL
-       )
-     && (  Ustrstr(s, "mysql")   != NULL
-        || Ustrstr(s, "pgsql")   != NULL
-       || Ustrstr(s, "redis")   != NULL
-       || Ustrstr(s, "sqlite")  != NULL
-       || Ustrstr(s, "ldap:")   != NULL
-       || Ustrstr(s, "ldaps:")  != NULL
-       || Ustrstr(s, "ldapi:")  != NULL
-       || Ustrstr(s, "ldapdn:") != NULL
-       || Ustrstr(s, "ldapm:")  != NULL
-     )  )
-    addr->message = US"Temporary internal error";
+
+  /* deconst cast ok as string_printing known to have alloc'n'copied */
+  addr->message = expand_hide_passwords(US s);

   }
 
 /* If we used a transport that has one of the "return_output" options set, and
   }
 
 /* If we used a transport that has one of the "return_output" options set, and

diff --git a/src/src/expand.c b/src/src/expand.c
index fbbc56316356329f86ec99a2eab68c97c9f799f3..f783682b4af0b1b0dacf3dc72ffd0603f4dca402 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -7631,6 +7631,29 @@ return OK;
 
 
 
 
 
 

+/* Avoid potentially exposing a password in a string about to be logged */
+
+uschar *
+expand_hide_passwords(uschar * s)
+{
+return (  (  Ustrstr(s, "failed to expand") != NULL
+         || Ustrstr(s, "expansion of ")    != NULL
+         ) 
+       && (  Ustrstr(s, "mysql")   != NULL
+         || Ustrstr(s, "pgsql")   != NULL
+         || Ustrstr(s, "redis")   != NULL
+         || Ustrstr(s, "sqlite")  != NULL
+         || Ustrstr(s, "ldap:")   != NULL
+         || Ustrstr(s, "ldaps:")  != NULL
+         || Ustrstr(s, "ldapi:")  != NULL
+         || Ustrstr(s, "ldapdn:") != NULL
+         || Ustrstr(s, "ldapm:")  != NULL
+       )  ) 
+  ? US"Temporary internal error" : s;
+}
+
+
+

 
 /*************************************************
 **************************************************
 
 /*************************************************
 **************************************************

diff --git a/src/src/functions.h b/src/src/functions.h
index 454037fe130324da646cf425376f875582ec7bce..f690e9fd92178bf467f8deec7b4e9c26100caf86 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -180,6 +180,7 @@ extern int     exp_bool(address_item *addr,
 extern BOOL    expand_check_condition(uschar *, uschar *, uschar *);
 extern uschar *expand_string(uschar *);        /* public, cannot make const */
 extern const uschar *expand_cstring(const uschar *); /* ... so use this one */
 extern BOOL    expand_check_condition(uschar *, uschar *, uschar *);
 extern uschar *expand_string(uschar *);        /* public, cannot make const */
 extern const uschar *expand_cstring(const uschar *); /* ... so use this one */

+extern uschar *expand_hide_passwords(uschar * );

 extern uschar *expand_string_copy(const uschar *);
 extern int_eximarith_t expand_string_integer(uschar *, BOOL);
 extern void    modify_variable(uschar *, void *);
 extern uschar *expand_string_copy(const uschar *);
 extern int_eximarith_t expand_string_integer(uschar *, BOOL);
 extern void    modify_variable(uschar *, void *);

diff --git a/src/src/rewrite.c b/src/src/rewrite.c
index f2a7ff273ae859e88950a6c44f9dc34bf92590b9..830d2bb8d9b98c9391982c706249dd171fb76fca 100644 (file)
--- a/src/src/rewrite.c
+++ b/src/src/rewrite.c
@@ -206,22 +206,7 @@ for (rule = rewrite_rules;
     if (expand_string_forcedfail)
       { if ((rule->flags & rewrite_quit) != 0) break; else continue; }
 
     if (expand_string_forcedfail)
       { if ((rule->flags & rewrite_quit) != 0) break; else continue; }
 

-    /* Avoid potentially exposing a password */
-
-    if (  (  Ustrstr(expand_string_message, "failed to expand") != NULL
-         || Ustrstr(expand_string_message, "expansion of ")    != NULL
-         )
-       && (  Ustrstr(expand_string_message, "mysql")   != NULL
-         || Ustrstr(expand_string_message, "pgsql")   != NULL
-         || Ustrstr(expand_string_message, "redis")   != NULL
-         || Ustrstr(expand_string_message, "sqlite")  != NULL
-         || Ustrstr(expand_string_message, "ldap:")   != NULL
-         || Ustrstr(expand_string_message, "ldaps:")  != NULL
-         || Ustrstr(expand_string_message, "ldapi:")  != NULL
-         || Ustrstr(expand_string_message, "ldapdn:") != NULL
-         || Ustrstr(expand_string_message, "ldapm:")  != NULL
-       )  )
-      expand_string_message = US"Temporary internal error";
+    expand_string_message = expand_hide_passwords(expand_string_message);

 
     log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: "
       "%s", rule->replacement, expand_string_message);
 
     log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: "
       "%s", rule->replacement, expand_string_message);

diff --git a/src/src/route.c b/src/src/route.c
index b289b0f3419aa4cf531aec6f40ebce71720c3d22..f7a5325678e587a90cd291bab8ad2a83593fe2c2 100644 (file)
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -1897,21 +1897,8 @@ if (unseen && r->next)
 /* Unset the address expansions, and return the final result. */
 
 ROUTE_EXIT:
 /* Unset the address expansions, and return the final result. */
 
 ROUTE_EXIT:

-if (  yield == DEFER
-   && addr->message
-   && (  Ustrstr(addr->message, "failed to expand") != NULL
-      || Ustrstr(addr->message, "expansion of ") != NULL
-      )
-   && (  Ustrstr(addr->message, "mysql") != NULL
-      || Ustrstr(addr->message, "pgsql") != NULL
-      || Ustrstr(addr->message, "redis") != NULL
-      || Ustrstr(addr->message, "sqlite") != NULL
-      || Ustrstr(addr->message, "ldap:") != NULL
-      || Ustrstr(addr->message, "ldapdn:") != NULL
-      || Ustrstr(addr->message, "ldapm:") != NULL
-      )
-   )
-  addr->message = string_sprintf("Temporary internal error");
+if (yield == DEFER && addr->message)
+  addr->message = expand_hide_passwords(addr->message);

 
 deliver_set_expansions(NULL);
 router_name = NULL;
 
 deliver_set_expansions(NULL);
 router_name = NULL;