File: leaks-passwords-to-the-logs.patch

package info (click to toggle)
libapache-authenhook-perl 2.00-04%2Bpristine-5
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd, stretch
  • size: 224 kB
  • ctags: 17
  • sloc: perl: 182; makefile: 12
file content (32 lines) | stat: -rw-r--r-- 1,019 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
Description: Leaks passwords to the logs
Author: Ivan Kohler <ivan@debian.org>
Bug: https://rt.cpan.org/Ticket/Display.html?id=62040
Bug-Debian: http://bugs.debian.org/599712
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=62040
Reviewed-By: Xavier Guimard <x.guimard@free.fr>
Last-Update: 2013-01-06

--- a/AuthenHook.xs
+++ b/AuthenHook.xs
@@ -180,8 +180,8 @@
 
     case OK:
       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                    "Apache::AuthenHook - user '%s', password '%s' verified",
-                    user, password);
+                    "Apache::AuthenHook - user '%s' verified",
+                    user);
 
       status = AUTH_GRANTED;
       break;
@@ -196,8 +196,8 @@
 
     default:
       ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                    "Apache::AuthenHook - user '%s', password '%s' denied",
-                    user, password);
+                    "Apache::AuthenHook - user '%s' denied",
+                    user);
 
       status = AUTH_DENIED;
   };