c2cd4a27db
Nirik is seeing a failure that looks like: [root@bkernel01 ~][PROD]# journalctl -b -l -u pesign | cat -- Logs begin at Tue 2017-08-08 18:10:41 UTC, end at Tue 2017-08-08 18:27:17 UTC. -- Aug 08 18:22:25 bkernel01.phx2.fedoraproject.org systemd[1]: Starting Pesign signing daemon... Aug 08 18:22:25 bkernel01.phx2.fedoraproject.org pesign[11226]: pesignd starting (pid 11227) Aug 08 18:22:25 bkernel01.phx2.fedoraproject.org pesignd[11227]: pesignd starting (pid 11227) Aug 08 18:22:25 bkernel01.phx2.fedoraproject.org pesign[11226]: Could not initialize nss: The certificate/key database is in an old, unsupported format. Aug 08 18:22:27 bkernel01.phx2.fedoraproject.org systemd[1]: pesign.service: PID 11227 read from file /var/run/pesign.pid does not exist or is a zombie. Aug 08 18:22:27 bkernel01.phx2.fedoraproject.org systemd[1]: Failed to start Pesign signing daemon. Aug 08 18:22:27 bkernel01.phx2.fedoraproject.org systemd[1]: pesign.service: Unit entered failed state. Aug 08 18:22:27 bkernel01.phx2.fedoraproject.org systemd[1]: pesign.service: Failed with result 'protocol'. Signed-off-by: Peter Jones <pjones@redhat.com>
35 lines
1.0 KiB
Diff
35 lines
1.0 KiB
Diff
From a40c584691ae071e93e8adf4e5c05bcd90c68159 Mon Sep 17 00:00:00 2001
|
|
From: Julien Cristau <jcristau@debian.org>
|
|
Date: Sat, 6 May 2017 22:45:34 +0200
|
|
Subject: [PATCH 21/24] Fix race condition in SEC_GetPassword
|
|
|
|
A side effect of echoOff is to discard unread input, so if we print the
|
|
prompt before echoOff, the user (or process) at the other end might
|
|
react to it by writing the password in between those steps, which is
|
|
then discarded. This bit me when trying to drive pesign with an expect
|
|
script.
|
|
|
|
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
---
|
|
src/password.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/password.c b/src/password.c
|
|
index cd1c07e..d4eae0d 100644
|
|
--- a/src/password.c
|
|
+++ b/src/password.c
|
|
@@ -71,9 +71,9 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
|
|
for (;;) {
|
|
/* Prompt for password */
|
|
if (isTTY) {
|
|
+ echoOff(infd);
|
|
fprintf(output, "%s", prompt);
|
|
fflush (output);
|
|
- echoOff(infd);
|
|
}
|
|
|
|
fgets ( phrase, sizeof(phrase), input);
|
|
--
|
|
2.13.4
|
|
|