Blob Blame History Raw
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Sat, 6 May 2017 22:45:34 +0200
Subject: [PATCH] Fix race condition in SEC_GetPassword

A side effect of echoOff is to discard unread input, so if we print the
prompt before echoOff, the user (or process) at the other end might
react to it by writing the password in between those steps, which is
then discarded.  This bit me when trying to drive pesign with an expect
script.

Signed-off-by: Julien Cristau <jcristau@debian.org>
---
 src/password.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password.c b/src/password.c
index cd1c07e..d4eae0d 100644
--- a/src/password.c
+++ b/src/password.c
@@ -71,9 +71,9 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
     for (;;) {
 	/* Prompt for password */
 	if (isTTY) {
+	    echoOff(infd);
 	    fprintf(output, "%s", prompt);
             fflush (output);
-	    echoOff(infd);
 	}
 
 	fgets ( phrase, sizeof(phrase), input);