Merged revisions 76000,76016 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/trunk

........
  r76000 | gregory.p.smith | 2009-10-31 14:26:08 -0700 (Sat, 31 Oct 2009) | 7 lines

  Fixes issue7208 - getpass would still allow the password to be echoed on
  Solaris due to not flushing the input buffer.

  This change also incorporates some additional getpass implementation
  suggestions for security based on an analysis of getpass.c linked to from the
  issue.
........
  r76016 | gregory.p.smith | 2009-11-01 10:33:55 -0800 (Sun, 01 Nov 2009) | 2 lines

  news entry for r76000
........

diff --git a/Lib/getpass.py b/Lib/getpass.py
index d0030ae7973a2ee4b3d9a4e306490f4986a707c3..2eb01fac3daf03c44cde5767b7af832609ea4970 100644 (file)
--- a/Lib/getpass.py
+++ b/Lib/getpass.py
@@ -62,12 +62,16 @@ def unix_getpass(prompt='Password: ', stream=None):
         try:
             old = termios.tcgetattr(fd)     # a copy to save
             new = old[:]
-            new[3] &= ~termios.ECHO  # 3 == 'lflags'
+            new[3] &= ~(termios.ECHO|termios.ISIG)  # 3 == 'lflags'
+            tcsetattr_flags = termios.TCSAFLUSH
+            if hasattr(termios, 'TCSASOFT'):
+                tcsetattr_flags |= termios.TCSASOFT
             try:
-                termios.tcsetattr(fd, termios.TCSADRAIN, new)
+                termios.tcsetattr(fd, tcsetattr_flags, new)
                 passwd = _raw_input(prompt, stream, input=input)
             finally:
-                termios.tcsetattr(fd, termios.TCSADRAIN, old)
+                termios.tcsetattr(fd, tcsetattr_flags, old)
+                stream.flush()  # issue7208
         except termios.error as e:
             if passwd is not None:
                 # _raw_input succeeded.  The final tcsetattr failed.  Reraise
@@ -124,6 +128,7 @@ def _raw_input(prompt="", stream=None, input=None):
     if prompt:
         stream.write(prompt)
         stream.flush()
+    # NOTE: The Python C API calls flockfile() (and unlock) during readline.
     line = input.readline()
     if not line:
         raise EOFError

diff --git a/Misc/NEWS b/Misc/NEWS
index b06d74782bb11ff1c605a0e73d5c27b2134ba1d1..e979137f942d9624da2928b903610a0ceeba8c98 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -120,6 +120,12 @@ C-API
 Library
 -------
 
+- Issue #7246 & Issue #7208: getpass now properly flushes input before
+  reading from stdin so that existing input does not confuse it and
+  lead to incorrect entry or an IOError.  It also properly flushes it
+  afterwards to avoid the terminal echoing the input afterwards on
+  OSes such as Solaris.
+
 - Issue #7233: Fix a number of two-argument Decimal methods to make
   sure that they accept an int or long as the second argument.  Also
   fix buggy handling of large arguments (those with coefficient longer