From 4ba044ebd0acb6841a5d6957e4258e921efaaf4d Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 5 Feb 2025 09:39:09 +0100
Subject: [PATCH] ask-password-api: refuse control characters in passwords

Just some extra safety
---
 src/shared/ask-password-api.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 91d8945fd13..d1a4f24661e 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -745,9 +745,8 @@ int ask_password_tty(
 if (ttyfd >= 0)
 (void) loop_write(ttyfd, NO_ECHO, SIZE_MAX);
- } else if (p >= sizeof(passphrase)-1) {
-
- /* Reached the size limit */
+ } else if (char_is_cc(c) || p >= sizeof(passphrase)-1) {
+ /* Don't accept control chars or overly long passphrases */
 if (ttyfd >= 0)
 (void) loop_write(ttyfd, "\a", 1);
-- 
2.47.3
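Review bot: The new `char_is_cc(c) ||` test in the `else if` handles a refused control character exactly like a full buffer, with a bell on the tty and nothing else. A user whose existing passphrase contains such a byte (a tab, say, if `char_is_cc()` covers it; its definition is not in this hunk) can therefore no longer type it and gets no hint why. The comment should say which bytes are refused and for what reason, for example `/* Refuse C0 control chars and DEL (e.g. stray escape sequences from cursor keys) and overly long passphrases; UTF-8 bytes pass through */`, once that has been confirmed against `char_is_cc()`. It is also worth checking whether the other password input paths apply the same filter, since a passphrase accepted there but refused here would lock out tty entry. `ask_password_tty()` begins and ends outside the hunk, so any earlier branches that already consume some control characters are not visible.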