fix multiple issues in legacy function getpass

1. failure to output a newline after the password is read
2. fd leaks via missing FD_CLOEXEC
3. fd leaks via failure-to-close when any of the standard streams are
   closed at the time of the call
4. wrongful fallback to use of stdin when opening /dev/tty fails
5. wrongful use of stderr rather than /dev/tty for prompt
6. failure to report error reading password

(cherry picked from commit ea496d6c63ecbb5ea475111808e5c0f799354450)

diff --git a/src/legacy/getpass.c b/src/legacy/getpass.c
index 3565d95f86b410c1331ccb4c7b7dc68ba8e3e02c..15ab9851e8f886d52187cf8910619b08f63cb5bc 100644 (file)
--- a/src/legacy/getpass.c
+++ b/src/legacy/getpass.c
@@ -3,6 +3,7 @@
 #include <termios.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <string.h>
 
 char *getpass(const char *prompt)
 {
@@ -11,7 +12,7 @@ char *getpass(const char *prompt)
        ssize_t l;
        static char password[128];
 
-       if ((fd = open("/dev/tty", O_RDONLY|O_NOCTTY)) < 0) fd = 0;
+       if ((fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_CLOEXEC)) < 0) return 0;
 
        tcgetattr(fd, &t);
        s = t;
@@ -22,8 +23,7 @@ char *getpass(const char *prompt)
        tcsetattr(fd, TCSAFLUSH, &t);
        tcdrain(fd);
 
-       fputs(prompt, stderr);
-       fflush(stderr);
+       dprintf(fd, "%s", prompt);
 
        l = read(fd, password, sizeof password);
        if (l >= 0) {
@@ -33,7 +33,8 @@ char *getpass(const char *prompt)
 
        tcsetattr(fd, TCSAFLUSH, &s);
 
-       if (fd > 2) close(fd);
+       dprintf(fd, "\n");
+       close(fd);
 
-       return password;
+       return l<0 ? 0 : password;
 }