summaryrefslogtreecommitdiffstats
path: root/Lib
diff options
context:
space:
mode:
authorGregory P. Smith <greg@mad-scientist.com>2009-11-01 18:31:13 (GMT)
committerGregory P. Smith <greg@mad-scientist.com>2009-11-01 18:31:13 (GMT)
commit6da85f947f0c03a9fde7de4a9386498be8eaaa94 (patch)
treea20c527f892bd493169c680b0812bf23d79f4ea6 /Lib
parentf44aa34ceec6e6d068802946f759d2db4bdc1087 (diff)
downloadcpython-6da85f947f0c03a9fde7de4a9386498be8eaaa94.zip
cpython-6da85f947f0c03a9fde7de4a9386498be8eaaa94.tar.gz
cpython-6da85f947f0c03a9fde7de4a9386498be8eaaa94.tar.bz2
Merged revisions 76000 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk ........ r76000 | gregory.p.smith | 2009-10-31 14:26:08 -0700 (Sat, 31 Oct 2009) | 7 lines Fixes issue7208 - getpass would still allow the password to be echoed on Solaris due to not flushing the input buffer. This change also incorporates some additional getpass implementation suggestions for security based on an analysis of getpass.c linked to from the issue. ........
Diffstat (limited to 'Lib')
-rw-r--r--Lib/getpass.py11
1 files changed, 8 insertions, 3 deletions
diff --git a/Lib/getpass.py b/Lib/getpass.py
index 05e9b72..3ca7fb2 100644
--- a/Lib/getpass.py
+++ b/Lib/getpass.py
@@ -62,12 +62,16 @@ def unix_getpass(prompt='Password: ', stream=None):
try:
old = termios.tcgetattr(fd) # a copy to save
new = old[:]
- new[3] &= ~termios.ECHO # 3 == 'lflags'
+ new[3] &= ~(termios.ECHO|termios.ISIG) # 3 == 'lflags'
+ tcsetattr_flags = termios.TCSAFLUSH
+ if hasattr(termios, 'TCSASOFT'):
+ tcsetattr_flags |= termios.TCSASOFT
try:
- termios.tcsetattr(fd, termios.TCSADRAIN, new)
+ termios.tcsetattr(fd, tcsetattr_flags, new)
passwd = _raw_input(prompt, stream, input=input)
finally:
- termios.tcsetattr(fd, termios.TCSADRAIN, old)
+ termios.tcsetattr(fd, tcsetattr_flags, old)
+ stream.flush() # issue7208
except termios.error, e:
if passwd is not None:
# _raw_input succeeded. The final tcsetattr failed. Reraise
@@ -125,6 +129,7 @@ def _raw_input(prompt="", stream=None, input=None):
if prompt:
stream.write(prompt)
stream.flush()
+ # NOTE: The Python C API calls flockfile() (and unlock) during readline.
line = input.readline()
if not line:
raise EOFError