pesign/0021-Fix-race-condition-in-SEC_GetPassword.patch
Igor Gnatenko 6ef5e2d179
Revert "pesign fails to build from source: https://bugzilla.redhat.com/show_bug.cgi?id=1675653"
This reverts commit f45e45d127.

References: https://pagure.io/releng/issue/8618
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-08-12 17:36:50 +02:00

35 lines
1.0 KiB
Diff

From a40c584691ae071e93e8adf4e5c05bcd90c68159 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Sat, 6 May 2017 22:45:34 +0200
Subject: [PATCH 21/29] Fix race condition in SEC_GetPassword
A side effect of echoOff is to discard unread input, so if we print the
prompt before echoOff, the user (or process) at the other end might
react to it by writing the password in between those steps, which is
then discarded. This bit me when trying to drive pesign with an expect
script.
Signed-off-by: Julien Cristau <jcristau@debian.org>
---
src/password.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/password.c b/src/password.c
index cd1c07e..d4eae0d 100644
--- a/src/password.c
+++ b/src/password.c
@@ -71,9 +71,9 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
for (;;) {
/* Prompt for password */
if (isTTY) {
+ echoOff(infd);
fprintf(output, "%s", prompt);
fflush (output);
- echoOff(infd);
}
fgets ( phrase, sizeof(phrase), input);
--
2.13.4