From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 5 Feb 2025 08:39:09 +0000 (+0100)
Subject: ask-password-api: refuse control characters in passwords
X-Git-Tag: v258-rc1~1322^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ba044ebd0acb6841a5d6957e4258e921efaaf4d;p=thirdparty%2Fsystemd.git

ask-password-api: refuse control characters in passwords

Just some extra safety
---

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 91d8945fd13..d1a4f24661e 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -745,9 +745,8 @@ int ask_password_tty(
                         if (ttyfd >= 0)
                                 (void) loop_write(ttyfd, NO_ECHO, SIZE_MAX);
 
-                } else if (p >= sizeof(passphrase)-1) {
-
-                        /* Reached the size limit */
+                } else if (char_is_cc(c) || p >= sizeof(passphrase)-1) {
+                        /* Don't accept control chars or overly long passphrases */
                         if (ttyfd >= 0)
                                 (void) loop_write(ttyfd, "\a", 1);