Posted to commits@trafficserver.apache.org by zw...@apache.org on 2021/11/09 21:21:45 UTC
[trafficserver] branch 9.2.x updated: Better TLS Secrets
Truncation. (#8489)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push:
new bced3398 Better TLS Secrets Truncation. (#8489)
bced3398 is described below
commit bced3398bc58fb9131d43479c4c2cfb001d00391
Author: Brian Neradt <br...@verizonmedia.com>
AuthorDate: Thu Nov 4 10:49:14 2021 -0500
Better TLS Secrets Truncation. (#8489)
This improves upon #8483 with an observation from @ywkaras that since
the data is stored in a std::string it will always be null terminated.
Thus these debug logs can be simplified to just use the "%.50s" print
format.
(cherry picked from commit 1bbb5054449f9910d6e21ca789e0981d6cd2cf2e)
---
iocore/net/SSLSecret.cc | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/iocore/net/SSLSecret.cc b/iocore/net/SSLSecret.cc
index 5abdab0..6cc1015 100644
--- a/iocore/net/SSLSecret.cc
+++ b/iocore/net/SSLSecret.cc
@@ -83,8 +83,7 @@ SSLSecret::setSecret(const std::string &name, const char *data, int data_len)
}
iter->second.assign(data, data_len);
// The full secret data can be sensitive. Print only the first 50 bytes.
- int const print_length = (iter->second.size() > 50) ? 50 : static_cast<int>(iter->second.size());
- Debug("ssl_secret", "Set secret for %s to %.*s", name.c_str(), print_length, iter->second.data());
+ Debug("ssl_secret", "Set secret for %s to %.50s", name.c_str(), iter->second.c_str());
return true;
}
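Review bot: The new `%.50s` call in setSecret, and the matching one in getSecret in the next hunk, still writes secret content to the debug log whenever the `ssl_secret` tag is enabled, and a secret of 50 bytes or fewer is logged in full. How sensitive the prefix is depends on what is stored, which is not visible here: for PEM input it is probably mostly the armor header, but for other formats it may be key material. Logging only the name and size avoids the question, e.g. `Debug("ssl_secret", "Set secret for %s (%zu bytes)", name.c_str(), iter->second.size());`, and the same in getSecret with `data_item->size()`. Both function bodies begin outside their hunks, so any earlier logging of `data` in them is not covered by this note.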
@@ -105,8 +104,7 @@ SSLSecret::getSecret(const std::string &name, std::string_view &data) const
const std::string *data_item = this->getSecretItem(name);
if (data_item) {
// The full secret data can be sensitive. Print only the first 50 bytes.
- int const print_length = (data_item->length() > 50) ? 50 : static_cast<int>(data_item->length());
- Debug("ssl_secret", "Get secret for %s: %.*s", name.c_str(), print_length, data_item->data());
+ Debug("ssl_secret", "Get secret for %s: %.50s", name.c_str(), data_item->c_str());
data = *data_item;
} else {
Debug("ssl_secret", "Get secret for %s: not found", name.c_str());