pidgin: b9672796: Don't log passwords for XMPP when using ...

rekkanoryo at pidgin.im rekkanoryo at pidgin.im
Thu Jan 1 12:51:27 EST 2009


-----------------------------------------------------------------
Revision: b9672796cffe924ffd3633b859aa7d5db7af5518
Ancestor: 1113bba42babcbb9b1fd16e72de4930f50a89f58
Author: paul at aurich.com
Date: 2009-01-01T17:27:54
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/b9672796cffe924ffd3633b859aa7d5db7af5518

Modified files:
        libpurple/protocols/jabber/jabber.c

ChangeLog: 

Don't log passwords for XMPP when using SASL PLAIN or old-style IQ Auth so
that debug logs are clean.  This doesn't affect DIGEST-MD5.  Fixes #7836.

-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/jabber.c	e004c14130d978423118554b6378cacb600f76ec
+++ libpurple/protocols/jabber/jabber.c	61d4248bdb4e553fe1766ca4a68d5259c747c729
@@ -351,10 +351,34 @@ void jabber_send_raw(JabberStream *js, c
 {
 
 	/* because printing a tab to debug every minute gets old */
-	if(strcmp(data, "\t"))
-		purple_debug(PURPLE_DEBUG_MISC, "jabber", "Sending%s: %s\n",
-				js->gsc ? " (ssl)" : "", data);
+	if(strcmp(data, "\t")) {
+		char *text = NULL, *last_part = NULL, *tag_start = NULL;
 
+		/* Because debug logs with plaintext passwords make me sad */
+		if(js->state != JABBER_STREAM_CONNECTED &&
+				/* Either <auth> or <query><password>... */
+				(((tag_start = strstr(data, "<auth ")) &&
+					strstr(data, "xmlns='urn:ietf:params:xml:ns:xmpp-sasl'")) ||
+				((tag_start = strstr(data, "<query ")) &&
+					strstr(data, "xmlns='jabber:iq:auth'>") &&
+					(tag_start = strstr(tag_start, "<password>"))))) {
+			char *data_start, *tag_end = strchr(tag_start, '>');
+			text = g_strdup(data);
+
+			data_start = text + (tag_end - data) + 1;
+
+			last_part = strchr(data_start, '<');
+			*data_start = '\0';
+		}
+
+		purple_debug(PURPLE_DEBUG_MISC, "jabber", "Sending%s: %s%s%s\n",
+				js->gsc ? " (ssl)" : "", text ? text : data,
+				last_part ? "password removed" : "",
+				last_part ? last_part : "");
+
+		g_free(text);
+	}
+
 	/* If we've got a security layer, we need to encode the data,
 	 * splitting it on the maximum buffer length negotiated */
 
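Review bot: `tag_end = strchr(tag_start, '>')` is used without a NULL check; in the `<auth ` branch only the substring `<auth ` and the xmlns string have to match, so a buffer with no `>` after the tag start makes `text + (tag_end - data) + 1` an invalid pointer that `*data_start = '\0'` then writes through. Wrapping the `g_strdup`/truncate lines in `if(tag_end) { ... }` would close that. The redaction is also fail-open: it relies on the exact serialised form (single-quoted `xmlns='...'`, and `'>` directly after `jabber:iq:auth`), so a change in quoting or attribute order would presumably put the password back in the debug log without any visible failure. A comment next to the match would make that dependency explicit, for example `/* matches the exact strings we serialise; if the quoting changes, the password is logged again */`. The body of jabber_send_raw continues outside this hunk, so how `data` is built is not visible here.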

