From 0bd1b1ed8a1aaf9dcd5bdf30afe38f15aba344a0 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 4 May 2016 16:09:52 +0100
Subject: Avoid exposing passwords in log, on failing ldap lookup expansion. 
 Bug 165

---
 src/src/deliver.c |  4 +++-
 src/src/rewrite.c | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/src/deliver.c b/src/src/deliver.c
index a1fb602e9..c6de1b901 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1087,10 +1087,12 @@ if (addr->message)
 	|| Ustrstr(s, "redis")   != NULL
 	|| Ustrstr(s, "sqlite")  != NULL
 	|| Ustrstr(s, "ldap:")   != NULL
+	|| Ustrstr(s, "ldaps:")  != NULL
+	|| Ustrstr(s, "ldapi:")  != NULL
 	|| Ustrstr(s, "ldapdn:") != NULL
 	|| Ustrstr(s, "ldapm:")  != NULL
      )  )
-    addr->message = string_sprintf("Temporary internal error");
+    addr->message = US"Temporary internal error";
   }
 
 /* If we used a transport that has one of the "return_output" options set, and
diff --git a/src/src/rewrite.c b/src/src/rewrite.c
index ca7fb6a11..f2a7ff273 100644
--- a/src/src/rewrite.c
+++ b/src/src/rewrite.c
@@ -205,6 +205,24 @@ for (rule = rewrite_rules;
     {
     if (expand_string_forcedfail)
       { if ((rule->flags & rewrite_quit) != 0) break; else continue; }
+
+    /* Avoid potentially exposing a password */
+
+    if (  (  Ustrstr(expand_string_message, "failed to expand") != NULL
+	  || Ustrstr(expand_string_message, "expansion of ")    != NULL
+	  )
+       && (  Ustrstr(expand_string_message, "mysql")   != NULL
+	  || Ustrstr(expand_string_message, "pgsql")   != NULL
+	  || Ustrstr(expand_string_message, "redis")   != NULL
+	  || Ustrstr(expand_string_message, "sqlite")  != NULL
+	  || Ustrstr(expand_string_message, "ldap:")   != NULL
+	  || Ustrstr(expand_string_message, "ldaps:")  != NULL
+	  || Ustrstr(expand_string_message, "ldapi:")  != NULL
+	  || Ustrstr(expand_string_message, "ldapdn:") != NULL
+	  || Ustrstr(expand_string_message, "ldapm:")  != NULL
+       )  )
+      expand_string_message = US"Temporary internal error";
+
     log_write(0, LOG_MAIN|LOG_PANIC, "Expansion of %s failed while rewriting: "
       "%s", rule->replacement, expand_string_message);
     break;
-- 
cgit v1.2.3