Commit 5046788c authored by Gregory P. Smith's avatar Gregory P. Smith

Merged revisions 76000,76016 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/trunk

........
  r76000 | gregory.p.smith | 2009-10-31 14:26:08 -0700 (Sat, 31 Oct 2009) | 7 lines

  Fixes issue7208 - getpass would still allow the password to be echoed on
  Solaris due to not flushing the input buffer.

  This change also incorporates some additional getpass implementation
  suggestions for security based on an analysis of getpass.c linked to from the
  issue.
........
  r76016 | gregory.p.smith | 2009-11-01 10:33:55 -0800 (Sun, 01 Nov 2009) | 2 lines

  news entry for r76000
........
parent f3b80026
......@@ -62,12 +62,16 @@ def unix_getpass(prompt='Password: ', stream=None):
try:
old = termios.tcgetattr(fd) # a copy to save
new = old[:]
new[3] &= ~termios.ECHO # 3 == 'lflags'
new[3] &= ~(termios.ECHO|termios.ISIG) # 3 == 'lflags'
tcsetattr_flags = termios.TCSAFLUSH
if hasattr(termios, 'TCSASOFT'):
tcsetattr_flags |= termios.TCSASOFT
try:
termios.tcsetattr(fd, termios.TCSADRAIN, new)
termios.tcsetattr(fd, tcsetattr_flags, new)
passwd = _raw_input(prompt, stream, input=input)
finally:
termios.tcsetattr(fd, termios.TCSADRAIN, old)
termios.tcsetattr(fd, tcsetattr_flags, old)
stream.flush() # issue7208
except termios.error as e:
if passwd is not None:
# _raw_input succeeded. The final tcsetattr failed. Reraise
......@@ -124,6 +128,7 @@ def _raw_input(prompt="", stream=None, input=None):
if prompt:
stream.write(prompt)
stream.flush()
# NOTE: The Python C API calls flockfile() (and unlock) during readline.
line = input.readline()
if not line:
raise EOFError
......
......@@ -120,6 +120,12 @@ C-API
Library
-------
- Issue #7246 & Issue #7208: getpass now properly flushes input before
reading from stdin so that existing input does not confuse it and
lead to incorrect entry or an IOError. It also properly flushes it
afterwards to avoid the terminal echoing the input afterwards on
OSes such as Solaris.
- Issue #7233: Fix a number of two-argument Decimal methods to make
sure that they accept an int or long as the second argument. Also
fix buggy handling of large arguments (those with coefficient longer
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment