| Summary: | bb_askpass: Race between outputting prompt and flushing stdin | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Simon Kagstrom <simon.kagstrom> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
| Attachments: | Patch to fix the issue | ||
Fixed in git, thanks! |
Created attachment 5438 [details] Patch to fix the issue There is a race between outputting "Password:" and flushing the input buffer. Basically, if the user starts typing really fast after the "Password:" prompt, the first few characters might be flushed away, leading to the wrong password being entered. The fix switches the order and changes the fflush call to only flush stdout. This might seem like an unlikely race, but I can reliably reproduce it using a pexpect login script (used in our testing environment), which starts sending the password as soon as it sees the "Password:" string. Without the patch, a looped test fails within < 100 rounds on a Xscale-based system, with it I can run thousands of runs without issues. A patch to fix the issue has been attached.