go.crypto/ssh/terminal: don't save passwords in history.

The history buffer would recall previously entered lines, including passwords. With this change, lines entered while echo is disabled are no longer put into the history.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/10853043
diff --git a/terminal.go b/terminal.go
index d956b51..f83be8c 100644
--- a/terminal.go
+++ b/terminal.go
@@ -546,8 +546,10 @@
 		t.c.Write(t.outBuf)
 		t.outBuf = t.outBuf[:0]
 		if lineOk {
-			t.historyIndex = -1
-			t.history.Add(line)
+			if t.echo {
+				t.historyIndex = -1
+				t.history.Add(line)
+			}
 			return
 		}
 
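Review bot: The `t.historyIndex = -1` reset is now skipped together with `t.history.Add(line)` when echo is off, so the history cursor is no longer cleared after a password read. If the key handler still processes history navigation while echo is disabled (not visible in this hunk), a moved index could carry over into the next ReadLine, and a recalled entry could end up in the password buffer. Keeping the reset unconditional and guarding only the add avoids the stale index: `t.historyIndex = -1` followed by `if t.echo { t.history.Add(line) }`. A one-line comment such as `// Lines read with echo off are secrets; keep them out of history.` would record why the guard exists. The enclosing function starts and ends outside the hunk.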
diff --git a/terminal_test.go b/terminal_test.go
index ffcda79..7db3171 100644
--- a/terminal_test.go
+++ b/terminal_test.go
@@ -129,3 +129,19 @@
 		}
 	}
 }
+
+func TestPasswordNotSaved(t *testing.T) {
+	c := &MockTerminal{
+		toSend:       []byte("password\r\x1b[A\r"),
+		bytesPerRead: 1,
+	}
+	ss := NewTerminal(c, "> ")
+	pw, _ := ss.ReadPassword("> ")
+	if pw != "password" {
+		t.Fatalf("failed to read password, got %s", pw)
+	}
+	line, _ := ss.ReadLine()
+	if len(line) > 0 {
+		t.Fatalf("password was saved in history")
+	}
+}
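Review bot: TestPasswordNotSaved discards the errors from `ss.ReadPassword` and `ss.ReadLine`, so a ReadLine that fails early returns an empty line and the `len(line) > 0` check passes without proving anything about the history. Capture and check both errors, for example `line, err := ss.ReadLine()` followed by `if err != nil { t.Fatalf("ReadLine failed: %v", err) }`. Using `%q` instead of `%s` in the first Fatalf would also make an empty or truncated password visible in the failure output.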