I just noticed in the debug log there is the full content of a regular (i.e. non-signed, non-encrypted) mail holding sensitive information, even though I didn't activate the option "Inkl. Mail inhalten (entschlüsselt!) und Meta-Informationen" (i.e. including mail content (decrypted!) and meta information).
Log level was set to "+Speicher Analyse" (+memory analysis).
| rO GpgOL | |||
| rO2aa65cb3d86d Fix check for debug levels for string debug | |||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | • aheinecke | T4193 Debug log has full content of a regular mail even when checkmarked not to have decrypted mail content | ||
| Resolved | • aheinecke | T4227 Gpg4win 3.1.5 |
ARGH!
I broke it a day before the release and didn't notice.
Since f34cd2782bc0cd6f359c14de4d4a889ec4e49a6e it accidentally logs all string allocations if one of DEBUG_TRACE DEBUG_MEMORY or DEBUG_DATA is set. The intention was that it should log when all three are set.
As usual, thanks for the report :-/
For what it's worth I found some more places where data leaked out even in log level 1. It will probably be a bit of a process to get this clean to a 100% as there is no automated way to decide what needs to be filtered and what not.