Merged revisions 76000 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/trunk ........ r76000 | gregory.p.smith | 2009-10-31 14:26:08 -0700 (Sat, 31 Oct 2009) | 7 lines Fixes issue7208 - getpass would still allow the password to be echoed on Solaris due to not flushing the input buffer. This change also incorporates some additional getpass implementation suggestions for security based on an analysis of getpass.c linked to from the issue. ........
2025-08-16 14:50:43 +00:00 · 2009-11-01 18:31:13 +00:00 · 2009-11-01 18:31:13 +00:00 · 6da85f947f
commit 6da85f947f
parent f44aa34cee
2 changed files with 14 additions and 3 deletions
--- a/Lib/getpass.py
+++ b/Lib/getpass.py
@ -62,12 +62,16 @@ def unix_getpass(prompt='Password: ', stream=None):
        try:
            old = termios.tcgetattr(fd)     # a copy to save
            new = old[:]
-            new[3] &= ~termios.ECHO  # 3 == 'lflags'
+            new[3] &= ~(termios.ECHO|termios.ISIG)  # 3 == 'lflags'
+            tcsetattr_flags = termios.TCSAFLUSH
+            if hasattr(termios, 'TCSASOFT'):
+                tcsetattr_flags |= termios.TCSASOFT
            try:
-                termios.tcsetattr(fd, termios.TCSADRAIN, new)
+                termios.tcsetattr(fd, tcsetattr_flags, new)
                passwd = _raw_input(prompt, stream, input=input)
            finally:
-                termios.tcsetattr(fd, termios.TCSADRAIN, old)
+                termios.tcsetattr(fd, tcsetattr_flags, old)
+                stream.flush()  # issue7208
        except termios.error, e:
            if passwd is not None:
                # _raw_input succeeded.  The final tcsetattr failed.  Reraise
@ -125,6 +129,7 @@ def _raw_input(prompt="", stream=None, input=None):
    if prompt:
        stream.write(prompt)
        stream.flush()
+    # NOTE: The Python C API calls flockfile() (and unlock) during readline.
    line = input.readline()
    if not line:
        raise EOFError