[libsoup/wip/tpopela/negotiate] soup-auth-negotiate: Don't print auth headers value if we fail to parse them

From: Tomas Popela <tpopela src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup/wip/tpopela/negotiate] soup-auth-negotiate: Don't print auth headers value if we fail to parse them
Date: Tue, 1 Mar 2016 14:59:47 +0000 (UTC)

commit bc7d459261a28a0d3f0d2608f4fdfbca42accc7a
Author: Tomas Popela <tpopela redhat com>
Date:   Tue Mar 1 15:56:34 2016 +0100

    soup-auth-negotiate: Don't print auth headers value if we fail to parse them
    
    It could be a potential security information leak.

 libsoup/soup-auth-negotiate.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/libsoup/soup-auth-negotiate.c b/libsoup/soup-auth-negotiate.c
index 2fbc008..5dc67a3 100644
--- a/libsoup/soup-auth-negotiate.c
+++ b/libsoup/soup-auth-negotiate.c
@@ -311,7 +311,7 @@ check_server_response (SoupMessage *msg, gpointer auth)
        auth_headers = soup_message_headers_get_one (msg->response_headers,
                                                     "WWW-Authenticate");
        if (!auth_headers || g_ascii_strncasecmp (auth_headers, "Negotiate ", 10) != 0) {
-               g_warning ("Failed to parse auth header %s", auth_headers);
+               g_warning ("Failed to parse auth header");
                conn->state = SOUP_NEGOTIATE_FAILED;
                goto out;
        }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]