From b19bd985310fb629e08ec9bcf3983e6a4e6e3e74 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 18 Feb 2022 09:14:35 -0700
Subject: [PATCH] iolog_pwfilt_run: apply regex on ttyout even if we disabled filtering. The heuristic used to decide when to disable filtering is when we see another ttyout buffer or find a cr or nl in the ttyin buffer. However, we should also check the buffer that caused us to disable filtering for a matching regex that would re-enable filtering. Programs that prompt for a password twice might otherwise not have the second password filtered.
---
 lib/iolog/iolog_filter.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/lib/iolog/iolog_filter.c b/lib/iolog/iolog_filter.c
index c27ee597f..ecccf18de 100644
--- a/lib/iolog/iolog_filter.c
+++ b/lib/iolog/iolog_filter.c
@@ -193,10 +193,8 @@ iolog_pwfilt_run(void *vhandle, int event, const char *buf,
 switch (event) {
 case IO_EVENT_TTYOUT:
 /* If filtering passwords and we receive output, disable it. */
- if (handle->is_filtered) {
+ if (handle->is_filtered)
 handle->is_filtered = false;
- break;
- }

 /* Make a copy of buf that is NUL-terminated. */
 copy = malloc(len + 1);
@@ -222,8 +220,10 @@ iolog_pwfilt_run(void *vhandle, int event, const char *buf,

 for (i = 0; i < len; i++) {
 /* We will stop filtering after reaching cr/nl. */
- if (buf[i] == '\r' || buf[i] == '\n')
+ if (buf[i] == '\r' || buf[i] == '\n') {
+ handle->is_filtered = false;
 break;
+ }
 }
 if (i != 0) {
 /* Filtered, replace buffer with '*' chars. */
@@ -237,7 +237,6 @@ iolog_pwfilt_run(void *vhandle, int event, const char *buf,
 if (i != len) {
 /* Done filtering, copy cr/nl and subsequent characters. */
 memcpy(copy + i, buf + i, len - i);
- handle->is_filtered = false;
 }
 *newbuf = copy;
 }
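Review bot: The comment above the ttyout guard is now incomplete: after clearing `handle->is_filtered` the code falls through and, per the commit message, matches this same buffer against the prompt regexes, which may turn filtering back on. I would reword it along the lines of `/* Output ends the current password; the regex match below may re-enable filtering. */` and drop the now-redundant test, leaving just `handle->is_filtered = false;`. Because any ttyout that does not match a regex switches masking off, a program that writes to the terminal while the password is still being typed would presumably have the rest of that input logged unmasked, and that limit is worth stating in the same comment. The function body starts and ends outside this hunk.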
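Review bot: Everything after the first cr/nl in a ttyin buffer is treated as non-secret once the loop clears `handle->is_filtered` and breaks; the `memcpy(copy + i, buf + i, len - i)` visible in the following hunk then copies it through unmasked. If one read carries typed-ahead or pasted input for a second prompt, that text would appear to reach the log in clear before any ttyout regex can re-enable filtering. I would document the limit at the break, e.g. `/* Input after cr/nl in the same buffer is logged unfiltered. */`, so operators know the filter is best-effort. Separately, the flag is now cleared before the allocation that sits between this hunk and the next, so it may be worth confirming that an allocation-failure return with filtering already off is acceptable; that code is outside the hunk.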