getpass_r() in tool_getpass.c is reading password from stdout instead of stdin
fd should be set 0 when /dev/tty is unavailable.
char getpass_r(const char prompt, / prompt to display /
char password, / buffer to store password in /
size_t buflen) / size of buffer to store password in /
{
...
int fd = open("/dev/tty", O_RDONLY);
if(-1 == fd)
fd = 1; / use stdin if the tty couldn't be used */
...
}
Also need to fix the cleanup code at the bottom of the function:
if(1 != fd)
close(fd);
Comparison should be against 0:
if (0 != fd)
close(fd);
Or even better use:
STDIN_FILENO from unistd.h
Thanks for the report. I just pushed this fix in commit 859a82a85cc0a. This bug has actually been around for over 10 years!
You might want to enclose the #include <unistd.h> with:
ifdef HAVE_UNISTD_H
endif
nice catch, thanks. Fixed that now!
Lagom