4378c6bb0f
Signed-off-by: Peter Jones <pjones@redhat.com>
35 lines
1.0 KiB
Diff
35 lines
1.0 KiB
Diff
From a40c584691ae071e93e8adf4e5c05bcd90c68159 Mon Sep 17 00:00:00 2001
|
|
From: Julien Cristau <jcristau@debian.org>
|
|
Date: Sat, 6 May 2017 22:45:34 +0200
|
|
Subject: [PATCH 21/28] Fix race condition in SEC_GetPassword
|
|
|
|
A side effect of echoOff is to discard unread input, so if we print the
|
|
prompt before echoOff, the user (or process) at the other end might
|
|
react to it by writing the password in between those steps, which is
|
|
then discarded. This bit me when trying to drive pesign with an expect
|
|
script.
|
|
|
|
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
---
|
|
src/password.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/password.c b/src/password.c
|
|
index cd1c07e..d4eae0d 100644
|
|
--- a/src/password.c
|
|
+++ b/src/password.c
|
|
@@ -71,9 +71,9 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
|
|
for (;;) {
|
|
/* Prompt for password */
|
|
if (isTTY) {
|
|
+ echoOff(infd);
|
|
fprintf(output, "%s", prompt);
|
|
fflush (output);
|
|
- echoOff(infd);
|
|
}
|
|
|
|
fgets ( phrase, sizeof(phrase), input);
|
|
--
|
|
2.13.4
|
|
|