prevent app_get_pass() from revealing cleartext password on syntax error #6218
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richsalz
reviewed
May 10, 2018
richsalz
approved these changes
May 10, 2018
richsalz
added
branch: master
mattcaswell
requested changes
May 11, 2018
levitte
reviewed
Jun 21, 2018
paulidale
removed
the
approval: review pending
…S_SOURCE_SIZE_MAX
…gcc 4), but not by gcc 6
DDvO
force-pushed
the
fix-apt_get_pass-reveal
branch
from
f016066
to
3cd44e0
Compare
mattcaswell
approved these changes
Feb 25, 2019
mattcaswell
added
the
approval: review pending
|
ping @levitte - you looked at this one once before. |
|
@levitte, can you approve/merge this? |
levitte
approved these changes
Mar 13, 2019
levitte
added
approval: done
|
Squashed into one commit, added some text to the commit message and merged. 62ca156 prevent app_get_pass() from revealing cleartext password on syntax error |
levitte
pushed a commit
that referenced
this pull request
Mar 13, 2019
When the argument for '-pass' was badly formed, that argument got displayed in full. This turns out to not be such a good idea if the user simply forgot to start the argument with 'pass:', or spellt the prefix incorrectly. We therefore change the display to say that a colon is missing or only showing the incorrect prefix. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #6218)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a user of the OpenSSL CLI makes a syntax error with the password argument of any of the
opensslapps, the whole argument is echoed on the console for diagnostic purposes. I find this a bit risky since this may reveal sensitive password contents on the screen or in logs.This PR limits the diagnostic output to at most, e.g., 4 characters and does not echo the argument of the
-passoption at all if it does not contain a ':' within the first 5 characters, indicating that a prefix likepass:orfile:is missing.