[Bug 7190] New: bb_askpass: Race between outputting prompt and flushing stdin

bugzilla at busybox.net bugzilla at busybox.net
Wed Jun 11 07:02:01 UTC 2014


https://bugs.busybox.net/show_bug.cgi?id=7190

           Summary: bb_askpass: Race between outputting prompt and
                    flushing stdin
           Product: Busybox
           Version: unspecified
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: simon.kagstrom at netinsight.net
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


Created attachment 5438
  --> https://bugs.busybox.net/attachment.cgi?id=5438
Patch to fix the issue

There is a race between outputting "Password:" and flushing the input
buffer. Basically, if the user starts typing really fast after the
"Password:" prompt, the first few characters might be flushed away,
leading to the wrong password being entered. The fix switches the
order and changes the fflush call to only flush stdout.

This might seem like an unlikely race, but I can reliably reproduce it
using a pexpect login script (used in our testing environment), which
starts sending the password as soon as it sees the "Password:" string.
Without the patch, a looped test fails within < 100 rounds on a
Xscale-based system, with it I can run thousands of runs without issues.


A patch to fix the issue has been attached.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list