iolog_pwfilt_run: apply regex on ttyout even if we disabled filtering.

The heuristic used to decide when to disable filtering is when we see another ttyout buffer or find a cr or nl in the ttyin buffer. However, we should also check the buffer that caused us to disable filtering for a matching regex that would re-enable filtering. Programs that prompt for a password twice might otherwise not have the second password filtered.
2025-08-22 01:49:11 +00:00 · 2022-02-18 09:14:35 -07:00 · 2022-02-18 09:14:35 -07:00 · b19bd98531
commit b19bd98531
parent 9f5615e5b1
1 changed files with 4 additions and 5 deletions
--- a/lib/iolog/iolog_filter.c
+++ b/lib/iolog/iolog_filter.c
@ -193,10 +193,8 @@ iolog_pwfilt_run(void *vhandle, int event, const char *buf,
    switch (event) {
    case IO_EVENT_TTYOUT:
 	/* If filtering passwords and we receive output, disable it. */
-	if (handle->is_filtered) {
+	if (handle->is_filtered)
 	    handle->is_filtered = false;
-	    break;
-	}

 	/* Make a copy of buf that is NUL-terminated. */
 	copy = malloc(len + 1);
@ -222,8 +220,10 @@ iolog_pwfilt_run(void *vhandle, int event, const char *buf,

 	    for (i = 0; i < len; i++) {
 		/* We will stop filtering after reaching cr/nl. */
-		if (buf[i] == '\r' || buf[i] == '\n')
+		if (buf[i] == '\r' || buf[i] == '\n') {
+		    handle->is_filtered = false;
 		    break;
+		}
 	    }
 	    if (i != 0) {
 		/* Filtered, replace buffer with '*' chars. */
@ -237,7 +237,6 @@ iolog_pwfilt_run(void *vhandle, int event, const char *buf,
 		if (i != len) {
 		    /* Done filtering, copy cr/nl and subsequent characters. */
 		    memcpy(copy + i, buf + i, len - i);
-		    handle->is_filtered = false;
 		}
 		*newbuf = copy;
 	    }