This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit 132603ebdd04ba934f77b5767c71c48ed8973af2 Author: Mihai Moldovan <ionic@ionic.de> Date: Mon Sep 30 19:29:29 2019 +0200 src/httpbrokerclient.cpp: do not leak password length in debug output either. --- debian/changelog | 2 ++ src/httpbrokerclient.cpp | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 2ba277b..132f9d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -116,6 +116,8 @@ x2goclient (4.1.2.2-0x2go1) UNRELEASED; urgency=medium #1393. - res/i18n/x2goclient_*.ts: replace changed source strings, no retranslations required. + - src/httpbrokerclient.cpp: do not leak password length in debug output + either. * debian/control: + Add build-depend on pkg-config. * x2goclient.spec: diff --git a/src/httpbrokerclient.cpp b/src/httpbrokerclient.cpp index d264c11..e41e9d6 100644 --- a/src/httpbrokerclient.cpp +++ b/src/httpbrokerclient.cpp @@ -893,7 +893,9 @@ QString HttpBrokerClient::scramblePwd(const QString& req) { plength=endPos-startPos; } - scrambled.replace(startPos,plength,'*'); + scrambled.remove(startPos, plength); + // Hardcode a value of 8 here - the length of the string "password". + scrambled.insert(startPos, QString ('*').repeated (8)); } return scrambled; } -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git