upstream: Print an \r in front of the password prompt so parts of
authortb@openbsd.org <tb@openbsd.org>
Sat, 19 Jan 2019 04:15:56 +0000 (04:15 +0000)
committerDamien Miller <djm@mindrot.org>
Sat, 19 Jan 2019 22:01:57 +0000 (09:01 +1100)
a password that was entered too early are likely clobbered by the prompt.
Idea from doas.

from and ok djm
"i like it" deraadt

OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e

readpass.c

index f160f866b885994c9bda84f6e1e51d5d854eb966..44014ef8af5586e5dd0dfdc17b12294d719ed892 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.52 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: readpass.c,v 1.53 2019/01/19 04:15:56 tb Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -117,7 +117,7 @@ ssh_askpass(char *askpass, const char *msg)
 char *
 read_passphrase(const char *prompt, int flags)
 {
-       char *askpass = NULL, *ret, buf[1024];
+       char cr = '\r', *askpass = NULL, *ret, buf[1024];
        int rppflags, use_askpass = 0, ttyfd;
 
        rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
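Review bot: The new `cr` local is a mutable one-byte variable squeezed into the same declaration as two pointers and a 1024-byte buffer, which makes the line harder to scan. It is only ever used as the source of a one-byte write, so it reads better on its own line as `static const char cr = '\r';`, or dropped entirely in favour of `write(ttyfd, "\r", 1)` at the call site. The body of read_passphrase continues outside this hunk.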
@@ -131,9 +131,16 @@ read_passphrase(const char *prompt, int flags)
        } else {
                rppflags |= RPP_REQUIRE_TTY;
                ttyfd = open(_PATH_TTY, O_RDWR);
-               if (ttyfd >= 0)
+               if (ttyfd >= 0) {
+                       /*
+                        * If we're on a tty, ensure that show the prompt at
+                        * the beginning of the line. This will hopefully
+                        * clobber any password characters the user has
+                        * optimistically typed before echo is disabled.
+                        */
+                       (void)write(ttyfd, &cr, 1);
                        close(ttyfd);
-               else {
+               else {
                        debug("read_passphrase: can't open %s: %s", _PATH_TTY,
                            strerror(errno));
                        use_askpass = 1;
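Review bot: The comment added above the `write()` call drops a word ("ensure that show") and should state the limit of this mitigation. A carriage return only moves the cursor to column 0, so the prompt can overwrite at most as many echoed characters as the prompt is long, and anything already echoed may have been captured by a terminal log or session recording. I would word it as `If we're on a tty, ensure that we show the prompt at the beginning of the line.` and add one sentence saying the overwrite is cosmetic and best-effort, which is also why the `write()` result is discarded. Separately, the removed and added `else {` lines are textually identical on this page, so the `}` closing the new `if (ttyfd >= 0) {` block appears to have been lost in rendering and should be checked against the file. The enclosing `if`/`else` and the rest of read_passphrase lie outside the hunk.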