From d6ced0b6c527dc853d7e116acb60ba8fde9859da Mon Sep 17 00:00:00 2001
From: Sean Hall <r.sean.hall@gmail.com>
Date: Fri, 2 Sep 2022 16:06:18 -0500
Subject: Mask the elevated secrets when logging its command line.

---
 src/burn/engine/core.cpp   | 27 ++++++++++++++++++++++++---
 src/burn/engine/core.h     |  2 ++
 src/burn/engine/engine.cpp |  1 +
 3 files changed, 27 insertions(+), 3 deletions(-)

(limited to 'src/burn')

diff --git a/src/burn/engine/core.cpp b/src/burn/engine/core.cpp
index ed824411..25124c8a 100644
--- a/src/burn/engine/core.cpp
+++ b/src/burn/engine/core.cpp
@@ -1612,6 +1612,16 @@ extern "C" HRESULT CoreParseCommandLine(
 
                 ++i;
 
+                hr = MemEnsureArraySizeForNewItems(reinterpret_cast<LPVOID*>(&pInternalCommand->rgSecretArgs), pInternalCommand->cSecretArgs, 3, sizeof(int), 3);
+                ExitOnFailure(hr, "Failed to ensure size for secret args.");
+
+                pInternalCommand->rgSecretArgs[pInternalCommand->cSecretArgs] = i;
+                pInternalCommand->cSecretArgs += 1;
+                pInternalCommand->rgSecretArgs[pInternalCommand->cSecretArgs] = i + 1;
+                pInternalCommand->cSecretArgs += 1;
+                pInternalCommand->rgSecretArgs[pInternalCommand->cSecretArgs] = i + 2;
+                pInternalCommand->cSecretArgs += 1;
+
                 hr = ParsePipeConnection(argv + i, pCompanionConnection);
                 if (FAILED(hr))
                 {
@@ -1684,7 +1694,7 @@ extern "C" HRESULT CoreParseCommandLine(
                 if (i + 3 >= argc)
                 {
                     fInvalidCommandLine = TRUE;
-                    ExitOnRootFailure(hr = E_INVALIDARG, "Must specify the embedded name, token and parent process id.");
+                    ExitWithRootFailure(hr, E_INVALIDARG, "Must specify the embedded name, token and parent process id.");
                 }
 
                 switch (pInternalCommand->mode)
@@ -1701,7 +1711,7 @@ extern "C" HRESULT CoreParseCommandLine(
                     break;
                 default:
                     fInvalidCommandLine = TRUE;
-                    ExitOnRootFailure(hr = E_INVALIDARG, "Multiple mode command-line switches were provided.");
+                    ExitWithRootFailure(hr, E_INVALIDARG, "Multiple mode command-line switches were provided.");
                 }
 
                 ++i;
@@ -2111,6 +2121,7 @@ static HRESULT GetSanitizedCommandLine(
 {
     HRESULT hr = S_OK;
     DWORD dwUnknownArgIndex = 0;
+    DWORD dwSecretArgIndex = 0;
     BOOL fHidden = FALSE;
     LPWSTR sczSanitizedArgument = NULL;
     LPWSTR sczVariableName = NULL;
@@ -2118,6 +2129,8 @@ static HRESULT GetSanitizedCommandLine(
     LPWSTR* argv = pInternalCommand->argv;
     DWORD cUnknownArgs = pInternalCommand->cUnknownArgs;
     int* rgUnknownArgs = pInternalCommand->rgUnknownArgs;
+    DWORD cSecretArgs = pInternalCommand->cSecretArgs;
+    int* rgSecretArgs = pInternalCommand->rgSecretArgs;
 
     for (int i = 0; i < argc; ++i)
     {
@@ -2148,7 +2161,7 @@ static HRESULT GetSanitizedCommandLine(
                     if (fHidden)
                     {
                         hr = StrAllocFormatted(&sczSanitizedArgument, L"%ls=*****", sczVariableName);
-                        ExitOnFailure(hr, "Failed to copy sanitized argument.");
+                        ExitOnFailure(hr, "Failed to copy sanitized unknown argument.");
                     }
                 }
             }
@@ -2156,6 +2169,14 @@ static HRESULT GetSanitizedCommandLine(
             // Remember command-line switch to pass off to BA.
             AppAppendCommandLineArgument(&pCommand->wzCommandLine, argv[i]);
         }
+        else if (dwSecretArgIndex < cSecretArgs && rgSecretArgs[dwSecretArgIndex] == i)
+        {
+            ++dwSecretArgIndex;
+            fHidden = TRUE;
+
+            hr = StrAllocString(&sczSanitizedArgument, L"*****", 0);
+            ExitOnFailure(hr, "Failed to copy sanitized secret argument.");
+        }
 
         if (fHidden)
         {
diff --git a/src/burn/engine/core.h b/src/burn/engine/core.h
index a2f1ab4c..7e594b52 100644
--- a/src/burn/engine/core.h
+++ b/src/burn/engine/core.h
@@ -89,6 +89,8 @@ typedef struct _BURN_ENGINE_COMMAND
 {
     int argc;
     LPWSTR* argv;
+    DWORD cSecretArgs;
+    int* rgSecretArgs;
     DWORD cUnknownArgs;
     int* rgUnknownArgs;
     BOOL fInvalidCommandLine;
diff --git a/src/burn/engine/engine.cpp b/src/burn/engine/engine.cpp
index aefba98b..69f30e26 100644
--- a/src/burn/engine/engine.cpp
+++ b/src/burn/engine/engine.cpp
@@ -414,6 +414,7 @@ static void UninitializeEngineState(
         AppFreeCommandLineArgs(pEngineState->internalCommand.argv);
     }
 
+    ReleaseMem(pEngineState->internalCommand.rgSecretArgs);
     ReleaseMem(pEngineState->internalCommand.rgUnknownArgs);
 
     PipeConnectionUninitialize(&pEngineState->embeddedConnection);
-- 
cgit v1.2.3-55-g6feb