diff options
author | Koichiro IWAO <meta@vmeta.jp> | 2021-04-29 15:51:30 +0300 |
---|---|---|
committer | Koichiro IWAO <meta@vmeta.jp> | 2021-04-29 16:16:31 +0300 |
commit | aad14384ccb7bc93ef660a02130ff5f3b78d346c (patch) | |
tree | e0d07e9a218ab61f9de407e61b7ed36ac8c1578b | |
parent | 5bb9d982ea8a7866949df5f34bc5c5b66277b021 (diff) |
neutrinordp: avoid pampassword leakage
The leakage does not occur in the most usual use case of xrdp.
It occurs in NeutrinoRDP proxy mode with PAM authentication enabled.
Reported by @TOMATO-ONE
-rw-r--r-- | neutrinordp/xrdp-neutrinordp.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/neutrinordp/xrdp-neutrinordp.c b/neutrinordp/xrdp-neutrinordp.c index cc267827..b89f3fde 100644 --- a/neutrinordp/xrdp-neutrinordp.c +++ b/neutrinordp/xrdp-neutrinordp.c @@ -443,7 +443,14 @@ lxrdp_set_param(struct mod *mod, const char *name, const char *value) { rdpSettings *settings; - LOG_DEVEL(LOG_LEVEL_DEBUG, "lxrdp_set_param: name [%s] value [%s]", name, value); + if (g_strcmp(name, "password") == 0 || g_strcmp(name, "pampassword") == 0) + { + LOG_DEVEL(LOG_LEVEL_DEBUG, "lxrdp_set_param: name [%s] value [******]", name); + } + else + { + LOG_DEVEL(LOG_LEVEL_DEBUG, "lxrdp_set_param: name [%s] value [%s]", name, value); + } settings = mod->inst->settings; if (g_strcmp(name, "hostname") == 0) @@ -496,6 +503,10 @@ lxrdp_set_param(struct mod *mod, const char *name, const char *value) { settings->desktop_resize = g_text2bool(value); } + else if (g_strcmp(name, "pampassword") == 0) + { + LOG(LOG_LEVEL_WARNING, "lxrdp_set_param: unknown name [%s] value [******]", name); + } else { LOG(LOG_LEVEL_WARNING, "lxrdp_set_param: unknown name [%s] value [%s]", name, value); |