From: Kevin Cernekee <cernekee@gmail.com>
Date: Mon, 4 Mar 2013 02:20:51 +0000 (-0800)
Subject: http: Don't leak the webvpn cookie in XML POST mode
X-Git-Tag: v5.00~56
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=73f5ae387ac80d87bf3813061df0d9f72c190e3a;p=users%2Fdwmw2%2Fopenconnect.git

http: Don't leak the webvpn cookie in XML POST mode

XML POST mode introduces a new header in the <auth> response.  Squash it
so that people don't inadvertently post logs containing webvpn cookies.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---

diff --git a/cstp.c b/cstp.c
index d57d7418..48962120 100644
--- a/cstp.c
+++ b/cstp.c
@@ -310,7 +310,11 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 			return -ENOMEM;
 		}
 
-		vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
+		/* This contains the whole document, including the webvpn cookie. */
+		if (!strcasecmp(buf, "X-CSTP-Post-Auth-XML"))
+			vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, _("<elided>"));
+		else
+			vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
 
 		if (!strncmp(buf, "X-DTLS-", 7)) {
 			*next_dtls_option = new_option;