go.crypto/ssh/terminal: don't save passwords in history.
The history buffer would recall previously entered lines: including passwords. With this change, lines entered while echo is disabled are no longer put into the history.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/10853043
diff --git a/terminal.go b/terminal.go
index d956b51..f83be8c 100644
--- a/terminal.go
+++ b/terminal.go
@@ -546,8 +546,10 @@
t.c.Write(t.outBuf)
t.outBuf = t.outBuf[:0]
if lineOk {
- t.historyIndex = -1
- t.history.Add(line)
+ if t.echo {
+ t.historyIndex = -1
+ t.history.Add(line)
+ }
return
}
diff --git a/terminal_test.go b/terminal_test.go
index ffcda79..7db3171 100644
--- a/terminal_test.go
+++ b/terminal_test.go
@@ -129,3 +129,19 @@
}
}
}
+
+func TestPasswordNotSaved(t *testing.T) {
+ c := &MockTerminal{
+ toSend: []byte("password\r\x1b[A\r"),
+ bytesPerRead: 1,
+ }
+ ss := NewTerminal(c, "> ")
+ pw, _ := ss.ReadPassword("> ")
+ if pw != "password" {
+ t.Fatalf("failed to read password, got %s", pw)
+ }
+ line, _ := ss.ReadLine()
+ if len(line) > 0 {
+ t.Fatalf("password was saved in history")
+ }
+}