fix a possible nil pointer dereference

it can happen by upgrading from very old versions
2024-06-12 05:12:18 +02:00 · 2021-09-11 14:19:17 +02:00 · 2021-09-11 14:19:17 +02:00 · 5c34d814d6
parent 0eca4f1866
commit 5c34d814d6
14 changed files with 139 additions and 40 deletions
--- a/common/common_test.go
+++ b/common/common_test.go
@ -754,6 +754,25 @@ func TestParseAllowedIPAndRanges(t *testing.T) {
 	assert.False(t, allow[1](net.ParseIP("172.16.1.1")))
 }

+func TestHideConfidentialData(t *testing.T) {
+	for _, provider := range sdk.ListProviders() {
+		u := dataprovider.User{
+			FsConfig: vfs.Filesystem{
+				Provider: provider,
+			},
+		}
+		u.PrepareForRendering()
+		f := vfs.BaseVirtualFolder{
+			FsConfig: vfs.Filesystem{
+				Provider: provider,
+			},
+		}
+		f.PrepareForRendering()
+	}
+	a := dataprovider.Admin{}
+	a.HideConfidentialData()
+}
+
 func BenchmarkBcryptHashing(b *testing.B) {
 	bcryptPassword := "bcryptpassword"
 	for i := 0; i < b.N; i++ {
--- a/dataprovider/admin.go
+++ b/dataprovider/admin.go
@ -293,6 +293,11 @@ func (a *Admin) HideConfidentialData() {
 	if a.Filters.TOTPConfig.Secret != nil {
 		a.Filters.TOTPConfig.Secret.Hide()
 	}
+	for _, code := range a.Filters.RecoveryCodes {
+		if code.Secret != nil {
+			code.Secret.Hide()
+		}
+	}
 	a.SetNilSecretsIfEmpty()
 }

--- a/dataprovider/user.go
+++ b/dataprovider/user.go
@ -196,7 +196,14 @@ func (u *User) CheckLoginConditions() error {
 func (u *User) hideConfidentialData() {
 	u.Password = ""
 	u.FsConfig.HideConfidentialData()
-	u.Filters.TOTPConfig.Secret.Hide()
+	if u.Filters.TOTPConfig.Secret != nil {
+		u.Filters.TOTPConfig.Secret.Hide()
+	}
+	for _, code := range u.Filters.RecoveryCodes {
+		if code.Secret != nil {
+			code.Secret.Hide()
+		}
+	}
 }

 // GetSubDirPermissions returns permissions for sub directories
--- a/docker/README.md
+++ b/docker/README.md
@ -4,10 +4,10 @@ SFTPGo provides an official Docker image, it is available on both [Docker Hub](h

 ## Supported tags and respective Dockerfile links

- [v2.1.0, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile)
- [v2.1.0-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile.alpine)
- [v2.1.0-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile)
- [v2.1.0-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.0/Dockerfile.alpine)
+- [v2.1.2, v2.1, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
+- [v2.1.2-alpine, v2.1-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
+- [v2.1.2-slim, v2.1-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile)
+- [v2.1.2-alpine-slim, v2.1-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.1.2/Dockerfile.alpine)
 - [edge](../Dockerfile)
 - [edge-alpine](../Dockerfile.alpine)
 - [edge-slim](../Dockerfile)
--- a/go.mod
+++ b/go.mod
@ -7,11 +7,11 @@ require (
 	github.com/Azure/azure-storage-blob-go v0.14.0
 	github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
 	github.com/alexedwards/argon2id v0.0.0-20210511081203-7d35d68092b8
-	github.com/aws/aws-sdk-go v1.40.38
+	github.com/aws/aws-sdk-go v1.40.41
 	github.com/cockroachdb/cockroach-go/v2 v2.1.1
 	github.com/eikenb/pipeat v0.0.0-20210603033007-44fc3ffce52b
 	github.com/fatih/color v1.12.0 // indirect
-	github.com/fclairamb/ftpserverlib v0.15.0
+	github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016
 	github.com/fclairamb/go-log v0.1.0
 	github.com/go-chi/chi/v5 v5.0.4
 	github.com/go-chi/jwtauth/v5 v5.0.1
@ -46,7 +46,7 @@ require (
 	github.com/prometheus/common v0.30.0 // indirect
 	github.com/rs/cors v1.8.0
 	github.com/rs/xid v1.3.0
-	github.com/rs/zerolog v1.24.0
+	github.com/rs/zerolog v1.25.0
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shirou/gopsutil/v3 v3.21.8
 	github.com/spf13/afero v1.6.0
@ -61,10 +61,10 @@ require (
 	gocloud.dev v0.24.0
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
 	golang.org/x/net v0.0.0-20210907225631-ff17edfbf26d
-	golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34
+	golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
 	google.golang.org/api v0.56.0
-	google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83 // indirect
+	google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af // indirect
 	google.golang.org/grpc v1.40.0
 	google.golang.org/protobuf v1.27.1
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
@ -81,7 +81,7 @@ require (
 	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/go-ole/go-ole v1.2.5 // indirect
 	github.com/goccy/go-json v0.7.8 // indirect
@ -128,7 +128,6 @@ require (

 replace (
 	github.com/eikenb/pipeat => github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639
-	github.com/fclairamb/ftpserverlib => github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15
 	github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9
 	golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240
 	golang.org/x/net => github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b
--- a/go.sum
+++ b/go.sum
@ -134,8 +134,8 @@ github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZo
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.38.68/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
-github.com/aws/aws-sdk-go v1.40.38 h1:kl3iIW0h/JEBFjSBcAxDsiRbKMPz4aI5FJIHMCAQ+J0=
-github.com/aws/aws-sdk-go v1.40.38/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
+github.com/aws/aws-sdk-go v1.40.41 h1:v/Y4bB8+wHCONtKV+fuHTzLiqC08lk8e9HqYhRB9PBQ=
+github.com/aws/aws-sdk-go v1.40.41/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go-v2 v1.7.0/go.mod h1:tb9wi5s61kTDA5qCkcDbt3KRVV74GGslQkl/DRdX/P4=
 github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
 github.com/aws/aws-sdk-go-v2/config v1.7.0/go.mod h1:w9+nMZ7soXCe5nT46Ri354SNhXDQ6v+V5wqDjnZE+GY=
@ -202,8 +202,8 @@ github.com/decred/dcrd/chaincfg/chainhash v1.0.2/go.mod h1:BpbrGgrPTr3YJYRN3Bm+D
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6 h1:NGfHjPYOoViXf0fOrOajdu8/SQNuu8WzjV9XTgLt/BQ=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210906140327-598bf66f24a6/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60 h1:FM4bliQ50GxrUtiwP6hUuzASr1FkC/Kw6UiWsS87sCc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210910125427-0deef709df60/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
@ -213,8 +213,6 @@ github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240 h1:Qp4ss1w/ImKeKkCP
 github.com/drakkan/crypto v0.0.0-20210904112610-0ac2a582e240/go.mod h1:0hNoheD1tVu/m8WMkw/chBXf5VpwzL5fHQU25k79NKo=
 github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9 h1:LPH1dEblAOO/LoG7yHPMtBLXhQmjaga91/DDjWk9jWA=
 github.com/drakkan/ftp v0.0.0-20201114075148-9b9adce499a9/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU=
-github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15 h1:J7FZPDILyOMYtShuM5hH3GLTL1cCDtoJ1InsxEyl798=
-github.com/drakkan/ftpserverlib v0.0.0-20210805132427-425f32d9dc15/go.mod h1:+Doq95UijHTIaJcWREhyu9dyQOqyoULbVU3OXgs8wEI=
 github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b h1:SRHk644lQIZwMvULlkVGEWMg6FlB+gj1ZHIOYSnHkIg=
 github.com/drakkan/net v0.0.0-20210908102438-2debf45fec0b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 github.com/drakkan/pipeat v0.0.0-20210805162858-70e57fa8a639 h1:8tfGdb4kg/YCvAbIrsMazgoNtnqdOqQVDKW12uUCuuU=
@ -236,6 +234,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
 github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016 h1:AERjGdm3i6M/d3DAFFSWFMVRmva6+ecCOkucBcNC0Pk=
+github.com/fclairamb/ftpserverlib v0.15.1-0.20210910204600-c38788485016/go.mod h1:+Doq95UijHTIaJcWREhyu9dyQOqyoULbVU3OXgs8wEI=
 github.com/fclairamb/go-log v0.1.0 h1:fNoqk8w62i4EDEuRzDgHdDVTqMYSyr3DS981R7F2x/Y=
 github.com/fclairamb/go-log v0.1.0/go.mod h1:iqmym8aI6xBbZXnZSPjElrmQrlEwjwEemOmIzKaTBM8=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@ -698,8 +698,8 @@ github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
 github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/rs/zerolog v1.24.0 h1:76ivFxmVSRs1u2wUwJVg5VZDYQgeH1JpoS6ndgr9Wy8=
-github.com/rs/zerolog v1.24.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI=
+github.com/rs/zerolog v1.25.0 h1:Rj7XygbUHKUlDPcVdoLyR91fJBsduXj5fRxyqIQj/II=
+github.com/rs/zerolog v1.25.0/go.mod h1:7KHcEGe0QZPOm2IE4Kpb5rTh6n1h2hIgS5OOnu1rUaI=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@ -950,8 +950,8 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 h1:GkvMjFtXUmahfDtashnc1mnrCtuBVcwse5QV2lUk/tI=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 h1:xrCZDmdtoloIiooiA9q0OQb9r8HejIHYoHGhGCe1pGg=
+golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -1145,8 +1145,8 @@ google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210825212027-de86158e7fda/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83 h1:3V2dxSZpz4zozWWUq36vUxXEKnSYitEH2LdsAx+RUmg=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af h1:aLMMXFYqw01RA6XJim5uaN+afqNNjc9P8HPAbnpnc5s=
+google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
--- a/httpd/httpd_test.go
+++ b/httpd/httpd_test.go
@ -4535,6 +4535,16 @@ func TestAdminTwoFactorLogin(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Len(t, recCodes, 12)

+	admin, _, err = httpdtest.GetAdminByUsername(altAdminUsername, http.StatusOK)
+	assert.NoError(t, err)
+	assert.Len(t, admin.Filters.RecoveryCodes, 12)
+	for _, c := range admin.Filters.RecoveryCodes {
+		assert.Empty(t, c.Secret.GetAdditionalData())
+		assert.Empty(t, c.Secret.GetKey())
+		assert.Equal(t, kms.SecretStatusSecretBox, c.Secret.GetStatus())
+		assert.NotEmpty(t, c.Secret.GetPayload())
+	}
+
 	webToken, err := getJWTWebTokenFromTestServer(defaultTokenAuthUser, defaultTokenAuthPass)
 	assert.NoError(t, err)
 	req, err = http.NewRequest(http.MethodGet, webAdminTwoFactorPath, nil)
@ -5058,6 +5068,16 @@ func TestWebUserTwoFactorLogin(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Len(t, recCodes, 12)

+	user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK)
+	assert.NoError(t, err)
+	assert.Len(t, user.Filters.RecoveryCodes, 12)
+	for _, c := range user.Filters.RecoveryCodes {
+		assert.Empty(t, c.Secret.GetAdditionalData())
+		assert.Empty(t, c.Secret.GetKey())
+		assert.Equal(t, kms.SecretStatusSecretBox, c.Secret.GetStatus())
+		assert.NotEmpty(t, c.Secret.GetPayload())
+	}
+
 	req, err = http.NewRequest(http.MethodGet, webClientTwoFactorPath, nil)
 	assert.NoError(t, err)
 	setJWTCookieForReq(req, webToken)
--- a/httpd/schema/openapi.yaml
+++ b/httpd/schema/openapi.yaml
@ -18,7 +18,7 @@ info:
    Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
    SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
    Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
-  version: 2.1.0-dev
+  version: 2.1.2-dev
  contact:
    name: API support
    url: 'https://github.com/drakkan/sftpgo'
--- a/pkgs/debian/changelog
+++ b/pkgs/debian/changelog
@ -1,3 +1,15 @@
+sftpgo (2.1.2-1ppa1) bionic; urgency=medium
+
+  * New upstream release.
+
+ -- Nicola Murino <nicola.murino@gmail.com>  Sat, 11 Sep 2021 13:35:21 +0200
+
+sftpgo (2.1.1-1ppa1) bionic; urgency=medium
+
+  * New upstream release.
+
+ -- Nicola Murino <nicola.murino@gmail.com>  Sat, 11 Sep 2021 07:12:40 +0200
+
 sftpgo (2.1.0-1ppa1) bionic; urgency=medium

  * New upstream release.
--- a/version/version.go
+++ b/version/version.go
@ -2,7 +2,7 @@ package version

 import "strings"

-const version = "2.1.0-dev"
+const version = "2.1.2-dev"

 var (
 	commit = ""
--- a/vfs/filesystem.go
+++ b/vfs/filesystem.go
@ -207,17 +207,15 @@ func (f *Filesystem) HasRedactedSecret() bool {
 func (f *Filesystem) HideConfidentialData() {
 	switch f.Provider {
 	case sdk.S3FilesystemProvider:
-		f.S3Config.AccessSecret.Hide()
+		f.S3Config.HideConfidentialData()
 	case sdk.GCSFilesystemProvider:
-		f.GCSConfig.Credentials.Hide()
+		f.GCSConfig.HideConfidentialData()
 	case sdk.AzureBlobFilesystemProvider:
-		f.AzBlobConfig.AccountKey.Hide()
-		f.AzBlobConfig.SASURL.Hide()
+		f.AzBlobConfig.HideConfidentialData()
 	case sdk.CryptedFilesystemProvider:
-		f.CryptConfig.Passphrase.Hide()
+		f.CryptConfig.HideConfidentialData()
 	case sdk.SFTPFilesystemProvider:
-		f.SFTPConfig.Password.Hide()
-		f.SFTPConfig.PrivateKey.Hide()
+		f.SFTPConfig.HideConfidentialData()
 	}
 }

--- a/vfs/folder.go
+++ b/vfs/folder.go
@ -104,17 +104,15 @@ func (v *BaseVirtualFolder) IsLocalOrLocalCrypted() bool {
 func (v *BaseVirtualFolder) hideConfidentialData() {
 	switch v.FsConfig.Provider {
 	case sdk.S3FilesystemProvider:
-		v.FsConfig.S3Config.AccessSecret.Hide()
+		v.FsConfig.S3Config.HideConfidentialData()
 	case sdk.GCSFilesystemProvider:
-		v.FsConfig.GCSConfig.Credentials.Hide()
+		v.FsConfig.GCSConfig.HideConfidentialData()
 	case sdk.AzureBlobFilesystemProvider:
-		v.FsConfig.AzBlobConfig.AccountKey.Hide()
-		v.FsConfig.AzBlobConfig.SASURL.Hide()
+		v.FsConfig.AzBlobConfig.HideConfidentialData()
 	case sdk.CryptedFilesystemProvider:
-		v.FsConfig.CryptConfig.Passphrase.Hide()
+		v.FsConfig.CryptConfig.HideConfidentialData()
 	case sdk.SFTPFilesystemProvider:
-		v.FsConfig.SFTPConfig.Password.Hide()
-		v.FsConfig.SFTPConfig.PrivateKey.Hide()
+		v.FsConfig.SFTPConfig.HideConfidentialData()
 	}
 }

--- a/vfs/sftpfs.go
+++ b/vfs/sftpfs.go
@ -40,6 +40,16 @@ type SFTPFsConfig struct {
 	forbiddenSelfUsernames []string `json:"-"`
 }

+// HideConfidentialData hides confidential data
+func (c *SFTPFsConfig) HideConfidentialData() {
+	if c.Password != nil {
+		c.Password.Hide()
+	}
+	if c.PrivateKey != nil {
+		c.PrivateKey.Hide()
+	}
+}
+
 func (c *SFTPFsConfig) isEqual(other *SFTPFsConfig) bool {
 	if c.Endpoint != other.Endpoint {
 		return false
--- a/vfs/vfs.go
+++ b/vfs/vfs.go
@ -143,6 +143,13 @@ type S3FsConfig struct {
 	sdk.S3FsConfig
 }

+// HideConfidentialData hides confidential data
+func (c *S3FsConfig) HideConfidentialData() {
+	if c.AccessSecret != nil {
+		c.AccessSecret.Hide()
+	}
+}
+
 func (c *S3FsConfig) isEqual(other *S3FsConfig) bool {
 	if c.Bucket != other.Bucket {
 		return false
@ -264,6 +271,13 @@ type GCSFsConfig struct {
 	sdk.GCSFsConfig
 }

+// HideConfidentialData hides confidential data
+func (c *GCSFsConfig) HideConfidentialData() {
+	if c.Credentials != nil {
+		c.Credentials.Hide()
+	}
+}
+
 func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool {
 	if c.Bucket != other.Bucket {
 		return false
@ -323,6 +337,16 @@ type AzBlobFsConfig struct {
 	sdk.AzBlobFsConfig
 }

+// HideConfidentialData hides confidential data
+func (c *AzBlobFsConfig) HideConfidentialData() {
+	if c.AccountKey != nil {
+		c.AccountKey.Hide()
+	}
+	if c.SASURL != nil {
+		c.SASURL.Hide()
+	}
+}
+
 func (c *AzBlobFsConfig) isEqual(other *AzBlobFsConfig) bool {
 	if c.Container != other.Container {
 		return false
@ -444,6 +468,13 @@ type CryptFsConfig struct {
 	sdk.CryptFsConfig
 }

+// HideConfidentialData hides confidential data
+func (c *CryptFsConfig) HideConfidentialData() {
+	if c.Passphrase != nil {
+		c.Passphrase.Hide()
+	}
+}
+
 func (c *CryptFsConfig) isEqual(other *CryptFsConfig) bool {
 	if c.Passphrase == nil {
 		c.Passphrase = kms.NewEmptySecret()