[tin-dev] [PATCH] don't log auth data with plain "-D 1"
Urs Janßen
urs at tin.org
Wed May 31 09:35:36 CEST 2023
--- src/nntplib.c 2023-05-11 07:27:25 +0000
+++ src/nntplib.c 2023-05-31 07:21:26 +0000
@@ -833,8 +833,24 @@
nntpbuf_puts(string, &nntp_buf);
nntpbuf_puts("\r\n", &nntp_buf);
# ifdef DEBUG
- if (debug & DEBUG_NNTP)
- debug_print_file("NNTP", ">>>%s%s", logtime(), string);
+ if (debug & DEBUG_NNTP) {
+ if (!strncmp(string, "AUTH", 4)) { /* avoid logging auth data if not running verbose */
+ if (verbose)
+ debug_print_file("NNTP", ">>>%s%s", logtime(), string);
+ else {
+ char *p, *c = my_strdup(string);
+
+ if ((p = strrchr(c, ' ')))
+ *p = '\0';
+ if ((p = strrchr(c, '\t')))
+ *p = '\0';
+
+ debug_print_file("NNTP", ">>>%s%s [data hidden, rerun with -v]", logtime(), c);
+ free(c);
+ }
+ } else
+ debug_print_file("NNTP", ">>>%s%s", logtime(), string);
+ }
# endif /* DEBUG */
/*
* remember the last command we wrote to be able to resend it after a
More information about the tin-dev
mailing list