Merge pull request #1484 from DanielMorsing/scrublogs

stop cloudflare auth key from being leaked into the logs
2019-03-20 15:42:03 +00:00 · 2019-03-20 15:42:03 +00:00 · ee79b6f663
commit ee79b6f663
parent 3907629f33 b987d2772d
1 changed files with 28 additions and 0 deletions
--- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go
+++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
@ -50,6 +50,15 @@ func NewDNSProviderCredentials(email, key string, dns01Nameservers []string) (*D
 	if email == "" || key == "" {
 		return nil, fmt.Errorf("CloudFlare credentials missing")
 	}
+	// cloudflare uses X-Auth-Key as a header for its
+	// authentication. However, if it's an invalid value, the go
+	// http library will "helpfully" print out the value to help with
+	// debugging.
+	//
+	// Check that the auth key is a valid header value before we leak it to the logs
+	if !validHeaderFieldValue(key) {
+		return nil, fmt.Errorf("Cloudflare key invalid (does the key contain a newline?)")
+	}

 	return &DNSProvider{
 		authEmail:        email,
@ -249,3 +258,22 @@ type cloudFlareRecord struct {
 	TTL     int    `json:"ttl,omitempty"`
 	ZoneID  string `json:"zone_id,omitempty"`
 }
+
+// following functions are copy-pasted from go's internal
+// http server
+func validHeaderFieldValue(v string) bool {
+	for i := 0; i < len(v); i++ {
+		b := v[i]
+		if isCTL(b) && !isLWS(b) {
+			return false
+		}
+	}
+	return true
+}
+
+func isCTL(b byte) bool {
+	const del = 0x7f // a CTL
+	return b < ' ' || b == del
+}
+
+func isLWS(b byte) bool { return b == ' ' || b == '\t' }