You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.0 KiB
32 lines
1.0 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Julien Cristau <jcristau@debian.org>
|
|
Date: Sat, 6 May 2017 22:45:34 +0200
|
|
Subject: [PATCH] Fix race condition in SEC_GetPassword
|
|
|
|
A side effect of echoOff is to discard unread input, so if we print the
|
|
prompt before echoOff, the user (or process) at the other end might
|
|
react to it by writing the password in between those steps, which is
|
|
then discarded. This bit me when trying to drive pesign with an expect
|
|
script.
|
|
|
|
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
---
|
|
src/password.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/password.c b/src/password.c
|
|
index cd1c07e..d4eae0d 100644
|
|
--- a/src/password.c
|
|
+++ b/src/password.c
|
|
@@ -71,9 +71,9 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
|
|
for (;;) {
|
|
/* Prompt for password */
|
|
if (isTTY) {
|
|
+ echoOff(infd);
|
|
fprintf(output, "%s", prompt);
|
|
fflush (output);
|
|
- echoOff(infd);
|
|
}
|
|
|
|
fgets ( phrase, sizeof(phrase), input);
|