1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Move sanitisation of k-i prompts into the SSH code.

Now, instead of each seat's prompt-handling function doing the
control-char sanitisation of prompt text, the SSH code does it. This
means we can do it differently depending on the prompt.

In particular, prompts _we_ generate (e.g. a genuine request for your
private key's passphrase) are not sanitised; but prompts coming from
the server (in keyboard-interactive mode, or its more restricted SSH-1
analogues, TIS and CryptoCard) are not only sanitised but also
line-length limited and surrounded by uncounterfeitable headers, like
I've just done to the authentication banners.

This should mean that if a malicious server tries to fake the local
passphrase prompt (perhaps because it's somehow already got a copy of
your _encrypted_ private key), you can tell the difference.
This commit is contained in:
Simon Tatham 2019-03-09 15:51:38 +00:00
parent 767a9c6e45
commit e21afff605
6 changed files with 182 additions and 142 deletions

View File

@ -57,6 +57,9 @@ struct ssh1_login_state {
RSAKey servkey, hostkey; RSAKey servkey, hostkey;
bool want_user_input; bool want_user_input;
StripCtrlChars *tis_scc;
bool tis_scc_initialised;
PacketProtocolLayer ppl; PacketProtocolLayer ppl;
}; };
@ -135,6 +138,8 @@ static PktIn *ssh1_login_pop(struct ssh1_login_state *s)
return pq_pop(s->ppl.in_pq); return pq_pop(s->ppl.in_pq);
} }
static void ssh1_login_setup_tis_scc(struct ssh1_login_state *s);
static void ssh1_login_process_queue(PacketProtocolLayer *ppl) static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
{ {
struct ssh1_login_state *s = struct ssh1_login_state *s =
@ -784,6 +789,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
if (conf_get_bool(s->conf, CONF_try_tis_auth) && if (conf_get_bool(s->conf, CONF_try_tis_auth) &&
(s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) && (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
!s->tis_auth_refused) { !s->tis_auth_refused) {
ssh1_login_setup_tis_scc(s);
s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE; s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
ppl_logevent("Requested TIS authentication"); ppl_logevent("Requested TIS authentication");
pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_TIS); pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_TIS);
@ -796,10 +802,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
s->tis_auth_refused = true; s->tis_auth_refused = true;
continue; continue;
} else if (pktin->type == SSH1_SMSG_AUTH_TIS_CHALLENGE) { } else if (pktin->type == SSH1_SMSG_AUTH_TIS_CHALLENGE) {
ptrlen challenge; ptrlen challenge = get_string(pktin);
char *instr_suf, *prompt;
challenge = get_string(pktin);
if (get_err(pktin)) { if (get_err(pktin)) {
ssh_proto_error(s->ppl.ssh, "TIS challenge packet was " ssh_proto_error(s->ppl.ssh, "TIS challenge packet was "
"badly formed"); "badly formed");
@ -809,21 +812,28 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
s->cur_prompt->to_server = true; s->cur_prompt->to_server = true;
s->cur_prompt->from_server = true; s->cur_prompt->from_server = true;
s->cur_prompt->name = dupstr("SSH TIS authentication"); s->cur_prompt->name = dupstr("SSH TIS authentication");
/* Prompt heuristic comes from OpenSSH */
if (!memchr(challenge.ptr, '\n', challenge.len)) { strbuf *sb = strbuf_new();
instr_suf = dupstr(""); put_datapl(sb, PTRLEN_LITERAL("\
prompt = mkstr(challenge); -- TIS authentication challenge from server: ---------------------------------\
\r\n"));
if (s->tis_scc) {
stripctrl_retarget(s->tis_scc, BinarySink_UPCAST(sb));
put_datapl(s->tis_scc, challenge);
stripctrl_retarget(s->tis_scc, NULL);
} else { } else {
instr_suf = mkstr(challenge); put_datapl(sb, challenge);
prompt = dupstr("Response: ");
} }
s->cur_prompt->instruction = if (!ptrlen_endswith(challenge, PTRLEN_LITERAL("\n"), NULL))
dupprintf("Using TIS authentication.%s%s", put_datapl(sb, PTRLEN_LITERAL("\r\n"));
(*instr_suf) ? "\n" : "", put_datapl(sb, PTRLEN_LITERAL("\
instr_suf); -- End of TIS authentication challenge from server: --------------------------\
\r\n"));
s->cur_prompt->instruction = strbuf_to_str(sb);
s->cur_prompt->instr_reqd = true; s->cur_prompt->instr_reqd = true;
add_prompt(s->cur_prompt, prompt, false); add_prompt(s->cur_prompt, dupstr(
sfree(instr_suf); "TIS authentication response: "), false);
} else { } else {
ssh_proto_error(s->ppl.ssh, "Received unexpected packet" ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
" in response to TIS authentication, " " in response to TIS authentication, "
@ -834,6 +844,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
} else if (conf_get_bool(s->conf, CONF_try_tis_auth) && } else if (conf_get_bool(s->conf, CONF_try_tis_auth) &&
(s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) && (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
!s->ccard_auth_refused) { !s->ccard_auth_refused) {
ssh1_login_setup_tis_scc(s);
s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE; s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
ppl_logevent("Requested CryptoCard authentication"); ppl_logevent("Requested CryptoCard authentication");
pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_CCARD); pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_CCARD);
@ -845,10 +856,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
s->ccard_auth_refused = true; s->ccard_auth_refused = true;
continue; continue;
} else if (pktin->type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) { } else if (pktin->type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
ptrlen challenge; ptrlen challenge = get_string(pktin);
char *instr_suf, *prompt;
challenge = get_string(pktin);
if (get_err(pktin)) { if (get_err(pktin)) {
ssh_proto_error(s->ppl.ssh, "CryptoCard challenge packet " ssh_proto_error(s->ppl.ssh, "CryptoCard challenge packet "
"was badly formed"); "was badly formed");
@ -858,22 +866,28 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
s->cur_prompt->to_server = true; s->cur_prompt->to_server = true;
s->cur_prompt->from_server = true; s->cur_prompt->from_server = true;
s->cur_prompt->name = dupstr("SSH CryptoCard authentication"); s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
s->cur_prompt->name_reqd = false;
/* Prompt heuristic comes from OpenSSH */ strbuf *sb = strbuf_new();
if (!memchr(challenge.ptr, '\n', challenge.len)) { put_datapl(sb, PTRLEN_LITERAL("\
instr_suf = dupstr(""); -- CryptoCard authentication challenge from server: --------------------------\
prompt = mkstr(challenge); \r\n"));
if (s->tis_scc) {
stripctrl_retarget(s->tis_scc, BinarySink_UPCAST(sb));
put_datapl(s->tis_scc, challenge);
stripctrl_retarget(s->tis_scc, NULL);
} else { } else {
instr_suf = mkstr(challenge); put_datapl(sb, challenge);
prompt = dupstr("Response: ");
} }
s->cur_prompt->instruction = if (!ptrlen_endswith(challenge, PTRLEN_LITERAL("\n"), NULL))
dupprintf("Using CryptoCard authentication.%s%s", put_datapl(sb, PTRLEN_LITERAL("\r\n"));
(*instr_suf) ? "\n" : "", put_datapl(sb, PTRLEN_LITERAL("\
instr_suf); -- End of CryptoCard authentication challenge from server: -------------------\
\r\n"));
s->cur_prompt->instruction = strbuf_to_str(sb);
s->cur_prompt->instr_reqd = true; s->cur_prompt->instr_reqd = true;
add_prompt(s->cur_prompt, prompt, false); add_prompt(s->cur_prompt, dupstr(
sfree(instr_suf); "CryptoCard authentication response: "), false);
} else { } else {
ssh_proto_error(s->ppl.ssh, "Received unexpected packet" ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
" in response to TIS authentication, " " in response to TIS authentication, "
@ -1085,6 +1099,16 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
crFinishV; crFinishV;
} }
static void ssh1_login_setup_tis_scc(struct ssh1_login_state *s)
{
if (s->tis_scc_initialised)
return;
s->tis_scc = seat_stripctrl_new(s->ppl.seat, NULL, SIC_KI_PROMPTS);
if (s->tis_scc)
stripctrl_enable_line_limiting(s->tis_scc);
s->tis_scc_initialised = true;
}
static void ssh1_login_dialog_callback(void *loginv, int ret) static void ssh1_login_dialog_callback(void *loginv, int ret)
{ {
struct ssh1_login_state *s = (struct ssh1_login_state *)loginv; struct ssh1_login_state *s = (struct ssh1_login_state *)loginv;

View File

@ -81,6 +81,10 @@ struct ssh2_userauth_state {
StripCtrlChars *banner_scc; StripCtrlChars *banner_scc;
bool banner_scc_initialised; bool banner_scc_initialised;
StripCtrlChars *ki_scc;
bool ki_scc_initialised;
bool ki_printed_header;
PacketProtocolLayer ppl; PacketProtocolLayer ppl;
}; };
@ -176,6 +180,8 @@ static void ssh2_userauth_free(PacketProtocolLayer *ppl)
strbuf_free(s->last_methods_string); strbuf_free(s->last_methods_string);
if (s->banner_scc) if (s->banner_scc)
stripctrl_free(s->banner_scc); stripctrl_free(s->banner_scc);
if (s->ki_scc)
stripctrl_free(s->ki_scc);
sfree(s); sfree(s);
} }
@ -1174,6 +1180,14 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
ppl_logevent("Attempting keyboard-interactive authentication"); ppl_logevent("Attempting keyboard-interactive authentication");
if (!s->ki_scc_initialised) {
s->ki_scc = seat_stripctrl_new(
s->ppl.seat, NULL, SIC_KI_PROMPTS);
if (s->ki_scc)
stripctrl_enable_line_limiting(s->ki_scc);
s->ki_scc_initialised = true;
}
crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL); crMaybeWaitUntilV((pktin = ssh2_userauth_pop(s)) != NULL);
if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) { if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
/* Server is not willing to do keyboard-interactive /* Server is not willing to do keyboard-interactive
@ -1186,12 +1200,15 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
continue; continue;
} }
s->ki_printed_header = false;
/* /*
* Loop while the server continues to send INFO_REQUESTs. * Loop while the server continues to send INFO_REQUESTs.
*/ */
while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) { while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
ptrlen name, inst; ptrlen name, inst;
strbuf *sb;
int i; int i;
/* /*
@ -1210,52 +1227,78 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
*/ */
s->num_prompts = get_uint32(pktin); s->num_prompts = get_uint32(pktin);
for (i = 0; i < s->num_prompts; i++) { for (i = 0; i < s->num_prompts; i++) {
ptrlen prompt; ptrlen prompt = get_string(pktin);
bool echo; bool echo = get_bool(pktin);
static char noprompt[] =
"<server failed to send prompt>: ";
prompt = get_string(pktin); sb = strbuf_new();
echo = get_bool(pktin);
if (!prompt.len) { if (!prompt.len) {
prompt.ptr = noprompt; put_datapl(sb, PTRLEN_LITERAL(
prompt.len = lenof(noprompt)-1; "<server failed to send prompt>: "));
} else if (s->ki_scc) {
stripctrl_retarget(
s->ki_scc, BinarySink_UPCAST(sb));
put_datapl(s->ki_scc, prompt);
stripctrl_retarget(s->ki_scc, NULL);
} else {
put_datapl(sb, prompt);
} }
add_prompt(s->cur_prompt, mkstr(prompt), echo); add_prompt(s->cur_prompt, strbuf_to_str(sb), echo);
} }
/*
* Make the header strings. This includes the
* 'name' (optional dialog-box title) and
* 'instruction' from the server.
*
* First, display our disambiguating header line
* if this is the first time round the loop -
* _unless_ the server has sent a completely empty
* k-i packet with no prompts _or_ text, which
* apparently some do. In that situation there's
* no need to alert the user that the following
* text is server- supplied, because, well, _what_
* text?
*
* We also only do this if we got a stripctrl,
* because if we didn't, that suggests this is all
* being done via dialog boxes anyway.
*/
if (!s->ki_printed_header && s->ki_scc &&
(s->num_prompts || name.len || inst.len)) {
ssh2_userauth_antispoof_msg(
s, "Keyboard-interactive authentication "
"prompts from server:");
s->ki_printed_header = true;
}
sb = strbuf_new();
if (name.len) { if (name.len) {
/* FIXME: better prefix to distinguish from stripctrl_retarget(s->ki_scc, BinarySink_UPCAST(sb));
* local prompts? */ put_datapl(s->ki_scc, name);
s->cur_prompt->name = stripctrl_retarget(s->ki_scc, NULL);
dupprintf("SSH server: %.*s", PTRLEN_PRINTF(name));
s->cur_prompt->name_reqd = true; s->cur_prompt->name_reqd = true;
} else { } else {
s->cur_prompt->name = put_datapl(sb, PTRLEN_LITERAL(
dupstr("SSH server authentication"); "SSH server authentication"));
s->cur_prompt->name_reqd = false; s->cur_prompt->name_reqd = false;
} }
/* We add a prefix to try to make it clear that a prompt s->cur_prompt->name = strbuf_to_str(sb);
* has come from the server.
* FIXME: ugly to print "Using..." in prompt _every_ sb = strbuf_new();
* time round. Can this be done more subtly? */ if (inst.len) {
/* Special case: for reasons best known to themselves, stripctrl_retarget(s->ki_scc, BinarySink_UPCAST(sb));
* some servers send k-i requests with no prompts and put_datapl(s->ki_scc, inst);
* nothing to display. Keep quiet in this case. */ stripctrl_retarget(s->ki_scc, NULL);
if (s->num_prompts || name.len || inst.len) {
s->cur_prompt->instruction =
dupprintf("Using keyboard-interactive "
"authentication.%s%.*s",
inst.len ? "\n" : "",
PTRLEN_PRINTF(inst));
s->cur_prompt->instr_reqd = true; s->cur_prompt->instr_reqd = true;
} else { } else {
s->cur_prompt->instr_reqd = false; s->cur_prompt->instr_reqd = false;
} }
/* /*
* Display any instructions, and get the user's * Our prompts_t is fully constructed now. Get the
* response(s). * user's response(s).
*/ */
s->userpass_ret = seat_get_userpass_input( s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL); s->ppl.seat, s->cur_prompt, NULL);
@ -1313,6 +1356,13 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
} }
/*
* Print our trailer line, if we printed a header.
*/
if (s->ki_printed_header)
ssh2_userauth_antispoof_msg(
s, "End of keyboard-interactive prompts from server");
/* /*
* We should have SUCCESS or FAILURE now. * We should have SUCCESS or FAILURE now.
*/ */

View File

@ -1682,9 +1682,6 @@ Terminal *term_init(Conf *myconf, struct unicode_data *ucsdata, TermWin *win)
term->paste_buffer = NULL; term->paste_buffer = NULL;
term->paste_len = 0; term->paste_len = 0;
bufchain_init(&term->inbuf); bufchain_init(&term->inbuf);
bufchain_sink_init(&term->inbuf_bs, &term->inbuf);
term->inbuf_scc = stripctrl_new_term(
BinarySink_UPCAST(&term->inbuf_bs), false, 0, term);
bufchain_init(&term->printer_buf); bufchain_init(&term->printer_buf);
term->printing = term->only_printing = false; term->printing = term->only_printing = false;
term->print_job = NULL; term->print_job = NULL;
@ -1779,7 +1776,6 @@ void term_free(Terminal *term)
term->beephead = beep->next; term->beephead = beep->next;
sfree(beep); sfree(beep);
} }
stripctrl_free(term->inbuf_scc);
bufchain_clear(&term->inbuf); bufchain_clear(&term->inbuf);
if(term->print_job) if(term->print_job)
printer_finish_job(term->print_job); printer_finish_job(term->print_job);
@ -6837,12 +6833,6 @@ size_t term_data(Terminal *term, bool is_stderr, const void *data, size_t len)
return 0; return 0;
} }
static void term_data_untrusted(Terminal *term, const void *data, size_t len)
{
put_data(term->inbuf_scc, data, len);
term_added_data(term);
}
void term_provide_logctx(Terminal *term, LogContext *logctx) void term_provide_logctx(Terminal *term, LogContext *logctx)
{ {
term->logctx = logctx; term->logctx = logctx;
@ -6877,6 +6867,12 @@ struct term_userpass_state {
size_t pos; /* cursor position */ size_t pos; /* cursor position */
}; };
/* Tiny wrapper to make it easier to write lots of little strings */
static inline void term_write(Terminal *term, ptrlen data)
{
term_data(term, false, data.ptr, data.len);
}
/* /*
* Process some terminal data in the course of username/password * Process some terminal data in the course of username/password
* input. * input.
@ -6893,17 +6889,17 @@ int term_get_userpass_input(Terminal *term, prompts_t *p, bufchain *input)
s->done_prompt = false; s->done_prompt = false;
/* We only print the `name' caption if we have to... */ /* We only print the `name' caption if we have to... */
if (p->name_reqd && p->name) { if (p->name_reqd && p->name) {
size_t l = strlen(p->name); ptrlen plname = ptrlen_from_asciz(p->name);
term_data_untrusted(term, p->name, l); term_write(term, plname);
if (p->name[l-1] != '\n') if (!ptrlen_endswith(plname, PTRLEN_LITERAL("\n"), NULL))
term_data_untrusted(term, "\n", 1); term_write(term, PTRLEN_LITERAL("\r\n"));
} }
/* ...but we always print any `instruction'. */ /* ...but we always print any `instruction'. */
if (p->instruction) { if (p->instruction) {
size_t l = strlen(p->instruction); ptrlen plinst = ptrlen_from_asciz(p->instruction);
term_data_untrusted(term, p->instruction, l); term_write(term, plinst);
if (p->instruction[l-1] != '\n') if (!ptrlen_endswith(plinst, PTRLEN_LITERAL("\n"), NULL))
term_data_untrusted(term, "\n", 1); term_write(term, PTRLEN_LITERAL("\r\n"));
} }
/* /*
* Zero all the results, in case we abort half-way through. * Zero all the results, in case we abort half-way through.
@ -6921,7 +6917,7 @@ int term_get_userpass_input(Terminal *term, prompts_t *p, bufchain *input)
bool finished_prompt = false; bool finished_prompt = false;
if (!s->done_prompt) { if (!s->done_prompt) {
term_data_untrusted(term, pr->prompt, strlen(pr->prompt)); term_write(term, ptrlen_from_asciz(pr->prompt));
s->done_prompt = true; s->done_prompt = true;
s->pos = 0; s->pos = 0;
} }
@ -6937,7 +6933,7 @@ int term_get_userpass_input(Terminal *term, prompts_t *p, bufchain *input)
switch (c) { switch (c) {
case 10: case 10:
case 13: case 13:
term_data(term, false, "\r\n", 2); term_write(term, PTRLEN_LITERAL("\r\n"));
prompt_ensure_result_size(pr, s->pos + 1); prompt_ensure_result_size(pr, s->pos + 1);
pr->result[s->pos] = '\0'; pr->result[s->pos] = '\0';
/* go to next prompt, if any */ /* go to next prompt, if any */
@ -6949,7 +6945,7 @@ int term_get_userpass_input(Terminal *term, prompts_t *p, bufchain *input)
case 127: case 127:
if (s->pos > 0) { if (s->pos > 0) {
if (pr->echo) if (pr->echo)
term_data(term, false, "\b \b", 3); term_write(term, PTRLEN_LITERAL("\b \b"));
s->pos--; s->pos--;
} }
break; break;
@ -6957,14 +6953,14 @@ int term_get_userpass_input(Terminal *term, prompts_t *p, bufchain *input)
case 27: case 27:
while (s->pos > 0) { while (s->pos > 0) {
if (pr->echo) if (pr->echo)
term_data(term, false, "\b \b", 3); term_write(term, PTRLEN_LITERAL("\b \b"));
s->pos--; s->pos--;
} }
break; break;
case 3: case 3:
case 4: case 4:
/* Immediate abort. */ /* Immediate abort. */
term_data(term, false, "\r\n", 2); term_write(term, PTRLEN_LITERAL("\r\n"));
sfree(s); sfree(s);
p->data = NULL; p->data = NULL;
return 0; /* user abort */ return 0; /* user abort */
@ -6979,7 +6975,7 @@ int term_get_userpass_input(Terminal *term, prompts_t *p, bufchain *input)
prompt_ensure_result_size(pr, s->pos + 1); prompt_ensure_result_size(pr, s->pos + 1);
pr->result[s->pos++] = c; pr->result[s->pos++] = c;
if (pr->echo) if (pr->echo)
term_data(term, false, &c, 1); term_write(term, make_ptrlen(&c, 1));
} }
break; break;
} }

View File

@ -100,8 +100,6 @@ struct terminal_tag {
termchar basic_erase_char, erase_char; termchar basic_erase_char, erase_char;
bufchain inbuf; /* terminal input buffer */ bufchain inbuf; /* terminal input buffer */
bufchain_sink inbuf_bs;
StripCtrlChars *inbuf_scc;
pos curs; /* cursor */ pos curs; /* cursor */
pos savecurs; /* saved cursor position */ pos savecurs; /* saved cursor position */

View File

@ -494,22 +494,9 @@ static void console_close(FILE *outfp, int infd)
fclose(outfp); /* will automatically close infd too */ fclose(outfp); /* will automatically close infd too */
} }
static void console_prompt_text(FILE *outfp, const char *data, size_t len) static void console_write(FILE *outfp, ptrlen data)
{ {
bufchain sanitised; fwrite(data.ptr, 1, data.len, outfp);
bufchain_sink bs;
bufchain_init(&sanitised);
bufchain_sink_init(&bs, &sanitised);
StripCtrlChars *scc = stripctrl_new(BinarySink_UPCAST(&bs), false, 0);
put_data(scc, data, len);
stripctrl_free(scc);
while (bufchain_size(&sanitised) > 0) {
ptrlen sdata = bufchain_prefix(&sanitised);
fwrite(sdata.ptr, 1, sdata.len, outfp);
bufchain_consume(&sanitised, sdata.len);
}
fflush(outfp); fflush(outfp);
} }
@ -538,17 +525,17 @@ int console_get_userpass_input(prompts_t *p)
*/ */
/* We only print the `name' caption if we have to... */ /* We only print the `name' caption if we have to... */
if (p->name_reqd && p->name) { if (p->name_reqd && p->name) {
size_t l = strlen(p->name); ptrlen plname = ptrlen_from_asciz(p->name);
console_prompt_text(outfp, p->name, l); console_write(outfp, plname);
if (p->name[l-1] != '\n') if (!ptrlen_endswith(plname, PTRLEN_LITERAL("\n"), NULL))
console_prompt_text(outfp, "\n", 1); console_write(outfp, PTRLEN_LITERAL("\n"));
} }
/* ...but we always print any `instruction'. */ /* ...but we always print any `instruction'. */
if (p->instruction) { if (p->instruction) {
size_t l = strlen(p->instruction); ptrlen plinst = ptrlen_from_asciz(p->instruction);
console_prompt_text(outfp, p->instruction, l); console_write(outfp, plinst);
if (p->instruction[l-1] != '\n') if (!ptrlen_endswith(plinst, PTRLEN_LITERAL("\n"), NULL))
console_prompt_text(outfp, "\n", 1); console_write(outfp, PTRLEN_LITERAL("\n"));
} }
for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) { for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) {
@ -566,7 +553,7 @@ int console_get_userpass_input(prompts_t *p)
newmode.c_lflag |= ECHO; newmode.c_lflag |= ECHO;
tcsetattr(infd, TCSANOW, &newmode); tcsetattr(infd, TCSANOW, &newmode);
console_prompt_text(outfp, pr->prompt, strlen(pr->prompt)); console_write(outfp, ptrlen_from_asciz(pr->prompt));
len = 0; len = 0;
while (1) { while (1) {
@ -588,7 +575,7 @@ int console_get_userpass_input(prompts_t *p)
tcsetattr(infd, TCSANOW, &oldmode); tcsetattr(infd, TCSANOW, &oldmode);
if (!pr->echo) if (!pr->echo)
console_prompt_text(outfp, "\n", 1); console_write(outfp, PTRLEN_LITERAL("\n"));
if (len < 0) { if (len < 0) {
console_close(outfp, infd); console_close(outfp, infd);

View File

@ -394,23 +394,10 @@ StripCtrlChars *console_stripctrl_new(
return stripctrl_new(bs_out, false, 0); return stripctrl_new(bs_out, false, 0);
} }
static void console_data_untrusted(HANDLE hout, const char *data, size_t len) static void console_write(HANDLE hout, ptrlen data)
{ {
DWORD dummy; DWORD dummy;
bufchain sanitised; WriteFile(hout, data.ptr, data.len, &dummy, NULL);
bufchain_sink bs;
bufchain_init(&sanitised);
bufchain_sink_init(&bs, &sanitised);
StripCtrlChars *scc = stripctrl_new(BinarySink_UPCAST(&bs), false, 0);
put_data(scc, data, len);
stripctrl_free(scc);
while (bufchain_size(&sanitised) > 0) {
ptrlen sdata = bufchain_prefix(&sanitised);
WriteFile(hout, sdata.ptr, sdata.len, &dummy, NULL);
bufchain_consume(&sanitised, sdata.len);
}
} }
int console_get_userpass_input(prompts_t *p) int console_get_userpass_input(prompts_t *p)
@ -459,17 +446,17 @@ int console_get_userpass_input(prompts_t *p)
*/ */
/* We only print the `name' caption if we have to... */ /* We only print the `name' caption if we have to... */
if (p->name_reqd && p->name) { if (p->name_reqd && p->name) {
size_t l = strlen(p->name); ptrlen plname = ptrlen_from_asciz(p->name);
console_data_untrusted(hout, p->name, l); console_write(hout, plname);
if (p->name[l-1] != '\n') if (!ptrlen_endswith(plname, PTRLEN_LITERAL("\n"), NULL))
console_data_untrusted(hout, "\n", 1); console_write(hout, PTRLEN_LITERAL("\n"));
} }
/* ...but we always print any `instruction'. */ /* ...but we always print any `instruction'. */
if (p->instruction) { if (p->instruction) {
size_t l = strlen(p->instruction); ptrlen plinst = ptrlen_from_asciz(p->instruction);
console_data_untrusted(hout, p->instruction, l); console_write(hout, plinst);
if (p->instruction[l-1] != '\n') if (!ptrlen_endswith(plinst, PTRLEN_LITERAL("\n"), NULL))
console_data_untrusted(hout, "\n", 1); console_write(hout, PTRLEN_LITERAL("\n"));
} }
for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) { for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) {
@ -486,7 +473,7 @@ int console_get_userpass_input(prompts_t *p)
newmode |= ENABLE_ECHO_INPUT; newmode |= ENABLE_ECHO_INPUT;
SetConsoleMode(hin, newmode); SetConsoleMode(hin, newmode);
console_data_untrusted(hout, pr->prompt, strlen(pr->prompt)); console_write(hout, ptrlen_from_asciz(pr->prompt));
len = 0; len = 0;
while (1) { while (1) {
@ -510,10 +497,8 @@ int console_get_userpass_input(prompts_t *p)
SetConsoleMode(hin, savemode); SetConsoleMode(hin, savemode);
if (!pr->echo) { if (!pr->echo)
DWORD dummy; console_write(hout, PTRLEN_LITERAL("\r\n"));
WriteFile(hout, "\r\n", 2, &dummy, NULL);
}
if (len == (size_t)-1) { if (len == (size_t)-1) {
return 0; /* failure due to read error */ return 0; /* failure due to read error */