diff options
Diffstat (limited to 'main/musl/0005-fix-multiple-issues-in-legacy-function-getpass.patch')
| -rw-r--r-- | main/musl/0005-fix-multiple-issues-in-legacy-function-getpass.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/main/musl/0005-fix-multiple-issues-in-legacy-function-getpass.patch b/main/musl/0005-fix-multiple-issues-in-legacy-function-getpass.patch new file mode 100644 index 0000000000..8f3a7dd12d --- /dev/null +++ b/main/musl/0005-fix-multiple-issues-in-legacy-function-getpass.patch @@ -0,0 +1,61 @@ +From ea496d6c63ecbb5ea475111808e5c0f799354450 Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Sun, 6 Jul 2014 01:34:13 -0400 +Subject: [PATCH] fix multiple issues in legacy function getpass + +1. failure to output a newline after the password is read +2. fd leaks via missing FD_CLOEXEC +3. fd leaks via failure-to-close when any of the standard streams are + closed at the time of the call +4. wrongful fallback to use of stdin when opening /dev/tty fails +5. wrongful use of stderr rather than /dev/tty for prompt +6. failure to report error reading password +--- + src/legacy/getpass.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/legacy/getpass.c b/src/legacy/getpass.c +index 3565d95..15ab985 100644 +--- a/src/legacy/getpass.c ++++ b/src/legacy/getpass.c +@@ -3,6 +3,7 @@ + #include <termios.h> + #include <unistd.h> + #include <fcntl.h> ++#include <string.h> + + char *getpass(const char *prompt) + { +@@ -11,7 +12,7 @@ char *getpass(const char *prompt) + ssize_t l; + static char password[128]; + +- if ((fd = open("/dev/tty", O_RDONLY|O_NOCTTY)) < 0) fd = 0; ++ if ((fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_CLOEXEC)) < 0) return 0; + + tcgetattr(fd, &t); + s = t; +@@ -22,8 +23,7 @@ char *getpass(const char *prompt) + tcsetattr(fd, TCSAFLUSH, &t); + tcdrain(fd); + +- fputs(prompt, stderr); +- fflush(stderr); ++ dprintf(fd, "%s", prompt); + + l = read(fd, password, sizeof password); + if (l >= 0) { +@@ -33,7 +33,8 @@ char *getpass(const char *prompt) + + tcsetattr(fd, TCSAFLUSH, &s); + +- if (fd > 2) close(fd); ++ dprintf(fd, "\n"); ++ close(fd); + +- return password; ++ return l<0 ? 0 : password; + } +-- +2.0.1 + |