Blame SOURCES/0021-Fix-race-condition-in-SEC_GetPassword.patch
|
 |
65f427 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
793dd5 |
From: Julien Cristau <jcristau@debian.org>
|
|
|
793dd5 |
Date: Sat, 6 May 2017 22:45:34 +0200
|
|
|
65f427 |
Subject: [PATCH] Fix race condition in SEC_GetPassword
|
|
|
793dd5 |
|
|
|
793dd5 |
A side effect of echoOff is to discard unread input, so if we print the
|
|
|
793dd5 |
prompt before echoOff, the user (or process) at the other end might
|
|
|
793dd5 |
react to it by writing the password in between those steps, which is
|
|
|
793dd5 |
then discarded. This bit me when trying to drive pesign with an expect
|
|
|
793dd5 |
script.
|
|
|
793dd5 |
|
|
|
793dd5 |
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
|
793dd5 |
---
|
|
|
793dd5 |
src/password.c | 2 +-
|
|
|
793dd5 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
793dd5 |
|
|
|
793dd5 |
diff --git a/src/password.c b/src/password.c
|
|
|
793dd5 |
index cd1c07e..d4eae0d 100644
|
|
|
793dd5 |
--- a/src/password.c
|
|
|
793dd5 |
+++ b/src/password.c
|
|
|
793dd5 |
@@ -71,9 +71,9 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
|
|
|
793dd5 |
for (;;) {
|
|
|
793dd5 |
/* Prompt for password */
|
|
|
793dd5 |
if (isTTY) {
|
|
|
793dd5 |
+ echoOff(infd);
|
|
|
793dd5 |
fprintf(output, "%s", prompt);
|
|
|
793dd5 |
fflush (output);
|
|
|
793dd5 |
- echoOff(infd);
|
|
|
793dd5 |
}
|
|
|
793dd5 |
|
|
|
793dd5 |
fgets ( phrase, sizeof(phrase), input);
|