Menu

#1476 getpass_r() in tool_getpass.c is reading password from stdout instead of stdin

closed-fixed
None
5
2015-02-03
2015-01-26
Tamir
No

getpass_r() in tool_getpass.c is reading password from stdout instead of stdin
fd should be set 0 when /dev/tty is unavailable.

char getpass_r(const char prompt, / prompt to display /
char password, / buffer to store password in /
size_t buflen) /
size of buffer to store password in /
{
...
int fd = open("/dev/tty", O_RDONLY);
if(-1 == fd)
fd = 1; /
use stdin if the tty couldn't be used */
...

}

Discussion

  • Tamir

    Tamir - 2015-01-26

    Also need to fix the cleanup code at the bottom of the function:
    if(1 != fd)
    close(fd);

    Comparison should be against 0:
    if (0 != fd)
    close(fd);

    Or even better use:
    STDIN_FILENO from unistd.h

     
  • Daniel Stenberg

    Daniel Stenberg - 2015-02-02
    • status: open --> closed-fixed
    • assigned_to: Daniel Stenberg
     
  • Daniel Stenberg

    Daniel Stenberg - 2015-02-02

    Thanks for the report. I just pushed this fix in commit 859a82a85cc0a. This bug has actually been around for over 10 years!

     
  • Tamir

    Tamir - 2015-02-03

    You might want to enclose the #include <unistd.h> with:

    ifdef HAVE_UNISTD_H

    endif

     
  • Daniel Stenberg

    Daniel Stenberg - 2015-02-03

    nice catch, thanks. Fixed that now!

     
  • Tamir

    Tamir - 2015-02-03

    Lagom