neutrinordp: avoid pampassword leakage

The leakage does not occur in the most usual use case of xrdp. It occurs in NeutrinoRDP proxy mode with PAM authentication enabled. Reported by @TOMATO-ONE
author: Koichiro IWAO <meta@vmeta.jp> 2021-04-29 15:51:30 +0300
committer: Koichiro IWAO <meta@vmeta.jp> 2021-04-29 16:16:31 +0300
commit: aad14384ccb7bc93ef660a02130ff5f3b78d346c (patch)
tree: e0d07e9a218ab61f9de407e61b7ed36ac8c1578b
parent: 5bb9d982ea8a7866949df5f34bc5c5b66277b021 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/neutrinordp/xrdp-neutrinordp.c b/neutrinordp/xrdp-neutrinordp.c
index cc267827..b89f3fde 100644
--- a/neutrinordp/xrdp-neutrinordp.c
+++ b/neutrinordp/xrdp-neutrinordp.c
@@ -443,7 +443,14 @@ lxrdp_set_param(struct mod *mod, const char *name, const char *value)
 {
     rdpSettings *settings;
 
-    LOG_DEVEL(LOG_LEVEL_DEBUG, "lxrdp_set_param: name [%s] value [%s]", name, value);
+    if (g_strcmp(name, "password") == 0 || g_strcmp(name, "pampassword") == 0)
+    {
+        LOG_DEVEL(LOG_LEVEL_DEBUG, "lxrdp_set_param: name [%s] value [******]", name);
+    }
+    else
+    {
+        LOG_DEVEL(LOG_LEVEL_DEBUG, "lxrdp_set_param: name [%s] value [%s]", name, value);
+    }
     settings = mod->inst->settings;
 
     if (g_strcmp(name, "hostname") == 0)
@@ -496,6 +503,10 @@ lxrdp_set_param(struct mod *mod, const char *name, const char *value)
     {
         settings->desktop_resize = g_text2bool(value);
     }
+    else if (g_strcmp(name, "pampassword") == 0)
+    {
+        LOG(LOG_LEVEL_WARNING, "lxrdp_set_param: unknown name [%s] value [******]", name);
+    }
     else
     {
         LOG(LOG_LEVEL_WARNING, "lxrdp_set_param: unknown name [%s] value [%s]", name, value);
author	Koichiro IWAO <meta@vmeta.jp>	2021-04-29 15:51:30 +0300
committer	Koichiro IWAO <meta@vmeta.jp>	2021-04-29 16:16:31 +0300
commit	aad14384ccb7bc93ef660a02130ff5f3b78d346c (patch)
tree	e0d07e9a218ab61f9de407e61b7ed36ac8c1578b
parent	5bb9d982ea8a7866949df5f34bc5c5b66277b021 (diff)