ipmitool: Fix ask_password getpass usage. #243
base: master
Are you sure you want to change the base?
Conversation
|
Closes #229 |
Awaiting response on getpass/getpassphrase/readpassphrase discussion. Otherwise initial comments should be resolved. |
Added a few more updates. I'll replace getpass with termios as well. Thanks for the review! Sorry its taking me a bit to get it all done. Will retest on Linux and FreeBSD when termios support is implemented. |
lib/ipmi_user.c
Outdated
|
||
password_prompt = ipmi_user_build_password_prompt(user_id); | ||
if (buf && buflen > 0) { | ||
sbuf = password_routine(password_prompt); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: you can reduce the indentation with some early bails - I don't know what the policy is on these, but if sbuf == NULL) { log; return ret; } etc etc
My apologies, I haven't had cycles to get the termios work started yet. Feel free to accept/deny this PR. If accepted, please feel free to file an issue and assign me to take to completion. I'm hoping to get some time this week to work this. |
@pstrinkle Browser cache got me.. Will take a look at closer look at your review asap. |
Ok, going to test these changes this week. Took at stab at it. It is likely not perfect, but hoping it is sufficient. Careful review would be awesome specifically looking for buffer overflow or careless errors in that regard. |
152d191
to
fabae06
Compare
This replaces ask_password getpass usage. getpass was not being used correctly because it uses a static buffer. Pointers to the getpass return value will all point to that same static buffer. Comparing them after multiple calls in incorrect. This fix implements portable password input via termios API.
Not totally sure whats going on with CI, can't seem to make catalina happy, however I'm building locally just fine on 10.15.7. |
IPMITool user password testing.Configure test user.
Test non matching passwords.
Test password greater than 20 chars.
Test setting empty password ("")
Test set matching password (testpw)
Test correct password.
Test incorrect Password
|
Tested on Fedora 33 over the lanplus interface to a Dell PowerEdge r640. |
Sorry for the long delay. |
Thank you for your time. I will take a look at it as soon as I have some spare time too. |
Hello everybody, please forgive my question if it is inappropriate. I encountered the bug documented in #229 independently and created a simple patch myself. Then I found this pull request. I can see that this pull request has more ambitions than merely fixing the bug itself and it also intends to improve the code. I can see there are failed checks in this pull request, but their logs are not available any more. |
@filipjares, it looks to me that the failed builds are caused by some changes in GitHub Actions infrastructure, as they just started failing on new PRs without me merging anything that failed them. If you're willing to investigate that, you're more than welcome. |
Anything I can do to help move this along? |
This is a quick fix for password matching. getpass was not being used
correctly because it uses a static buffer. Pointers to the getpass
return value will all point to that same static buffer. Comparing them
after multiple calls in incorrect.
This fix takes the return value to getpass and stores it into a local
buffer for comparison. There are additional improvements that could be
made such as wiping the pw buffers asap to reduce duration in memory.