//    OpenVPN -- An application to securely tunnel IP networks
//               over a single port, with support for SSL/TLS-based
//               session authentication and key exchange,
//               packet encryption, packet authentication, and
//               packet compression.
//
//    Copyright (C) 2012- OpenVPN Inc.
//
//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
//

// Sanitize certain kinds of strings before they are output to the log file.

#ifndef OPENVPN_OPTIONS_SANITIZE_H
#define OPENVPN_OPTIONS_SANITIZE_H

#include <cstring>
#include <sstream>
#include <string>

#include <openvpn/common/exception.hpp>
#include <openvpn/common/options.hpp>

namespace openvpn {

inline std::string render_options_sanitized(const OptionList &opt, const unsigned int render_flags)
{
    std::ostringstream out;
    for (size_t i = 0; i < opt.size(); i++)
    {
        const Option &o = opt[i];
#ifndef OPENVPN_SHOW_SESSION_TOKEN
        if (o.get_optional(0, 0) == "auth-token")
            out << i << " [auth-token] ..." << std::endl;
        else
#endif
            out << i << ' ' << o.render(render_flags) << std::endl;
    }
    return out.str();
}

// Remove security-sensitive strings from control message
// so that they will not be output to log file.
inline std::string sanitize_control_message(const std::string &src_str)
{
#ifdef OPENVPN_SHOW_SESSION_TOKEN
    return src_str;
#else
    const char *src = src_str.c_str();
    char *ret = new char[src_str.length() + 1];
    char *dest = ret;
    bool redact = false;
    int skip = 0;

    for (;;)
    {
        const char c = *src;
        if (c == '\0')
            break;
        if (c == 'S' && !::strncmp(src, "SESS_ID_", 8))
        {
            skip = 7;
            redact = true;
        }
        else if (c == 'e' && !::strncmp(src, "echo ", 5))
        {
            skip = 4;
            redact = true;
        }

        if (c == ',') /* end of redacted item? */
        {
            skip = 0;
            redact = false;
        }

        if (redact)
        {
            if (skip > 0)
            {
                --skip;
                *dest++ = c;
            }
        }
        else
            *dest++ = c;

        ++src;
    }
    *dest = '\0';

    const std::string ret_str(ret);
    delete[] ret;
    return ret_str;
#endif
}

} // namespace openvpn

#endif