Bug 7190 - bb_askpass: Race between outputting prompt and flushing stdin
Status: RESOLVED FIXED
Alias: None
Product: Busybox
Classification: Unclassified
Component: Other
Version: unspecified
Hardware: All Linux
Importance: P5 minor
Target Milestone: ---
Assignee: unassigned
 
Reported: 2014-06-11 07:02 UTC by Simon Kagstrom
Modified: 2014-07-01 11:21 UTC



Attachments
Patch to fix the issue (1.49 KB, patch)
2014-06-11 07:02 UTC, Simon Kagstrom

Description Simon Kagstrom 2014-06-11 07:02:00 UTC
Created attachment 5438
Patch to fix the issue

There is a race between outputting "Password:" and flushing the input
buffer. Basically, if the user starts typing really fast after the
"Password:" prompt, the first few characters might be flushed away,
leading to the wrong password being entered. The fix switches the
order and changes the fflush call to only flush stdout.
    
This might seem like an unlikely race, but I can reliably reproduce it
using a pexpect login script (used in our testing environment), which
starts sending the password as soon as it sees the "Password:" string.
Without the patch, a looped test fails within < 100 rounds on an
Xscale-based system; with it I can run thousands of runs without issues.


A patch to fix the issue has been attached.
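
The ordering problem described in the report, reproduced on a pseudo-terminal as an added example (not BusyBox code and not the attached patch). `surviving_bytes()` is a hypothetical helper, the sample password is constructed, and the pty setup is Linux-specific.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* Added example, not BusyBox code; surviving_bytes() is a hypothetical helper.
 * Returns how many "typed" bytes survive to read(), or -1 on setup failure.
 * flush_first = 0: prompt, then TCIFLUSH (the racy order in the report)
 * flush_first = 1: TCIFLUSH, then prompt (the order the report's fix uses) */
static int surviving_bytes(int flush_first)
{
    static const char typed[] = "secret\n";     /* constructed sample input */
    char path[32], buf[64];
    int unlock = 0, tty = -1, master;
    unsigned int ptn;
    struct termios tio;
    struct pollfd p;
    ssize_t n = -1;
    /* Linux-specific pty setup, so the demo needs no real terminal. */
    master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0) return -1;
    if (ioctl(master, TIOCSPTLCK, &unlock) || ioctl(master, TIOCGPTN, &ptn)) goto out;
    snprintf(path, sizeof path, "/dev/pts/%u", ptn);
    tty = open(path, O_RDWR | O_NOCTTY | O_NONBLOCK);
    if (tty < 0 || tcgetattr(tty, &tio)) goto out;
    tio.c_lflag &= ~ECHO;                       /* password entry: no echo */
    if (tcsetattr(tty, TCSANOW, &tio)) goto out;

    if (flush_first) tcflush(tty, TCIFLUSH);    /* drop stale type-ahead first */
    if (write(tty, "Password: ", 10) != 10) goto out;
    /* The peer (an expect-style script) answers as soon as it sees the prompt. */
    if (write(master, typed, strlen(typed)) < 0) goto out;
    p.fd = tty; p.events = POLLIN;
    poll(&p, 1, 1000);                          /* wait until the line is queued */
    if (!flush_first) tcflush(tty, TCIFLUSH);   /* late flush eats the password */
    n = read(tty, buf, sizeof buf);             /* non-blocking: -1 if queue empty */
    if (n < 0) n = 0;
out:
    if (tty >= 0) close(tty);
    close(master);
    return (int)n;
}

int main(void)
{
    printf("prompt-then-flush: %d, flush-then-prompt: %d\n", surviving_bytes(0), surviving_bytes(1));
    return 0;
}
```

The `poll()` call makes the timing deterministic: it forces the typed line into the tty input queue before the late flush runs, which is the window a fast expect-style client hits by chance.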
Comment 1 Denys Vlasenko 2014-07-01 11:21:15 UTC
Fixed in git, thanks!