Commit 859a82a8 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

getpass_r: read from stdin, not stdout! 

The file number used was wrong. This bug was introduced over 10 years
ago, proving this function isn't used much...

Bug: http://curl.haxx.se/bug/view.cgi?id=1476
Reported-by: Tamir
parent 8f369c53

src/tool_getpass.c

+4 −3
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -52,6 +52,7 @@ 
#  endif

#endif



#include <unistd.h>

#define _MPRINTF_REPLACE

#include <curl/mprintf.h>
@@ -229,7 +230,7 @@ char *getpass_r(const char *prompt, /* prompt to display */ 
  bool disabled;

  int fd = open("/dev/tty", O_RDONLY);

  if(-1 == fd)

    fd = 1; /* use stdin if the tty couldn't be used */

    fd = STDIN_FILENO; /* use stdin if the tty couldn't be used */



  disabled = ttyecho(FALSE, fd); /* disable terminal echo */
@@ -246,7 +247,7 @@ char *getpass_r(const char *prompt, /* prompt to display */ 
    (void)ttyecho(TRUE, fd); /* enable echo */

  }



  if(1 != fd)

  if(STDIN_FILENO != fd)

    close(fd);



  return password; /* return pointer to buffer */