go.crypto/ssh/terminal: don't save passwords in history.

The history buffer would recall previously entered lines: including passwords. With this change, lines entered while echo is disabled are no longer put into the history. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/10853043
2026-01-29 07:02:06 +03:00 · 2013-07-02 19:46:13 -04:00
parent 7d4f6f0986
commit 3293448389
2 changed files with 20 additions and 2 deletions
--- a/terminal.go
+++ b/terminal.go
@@ -546,8 +546,10 @@ func (t *Terminal) readLine() (line string, err error) {
 		t.c.Write(t.outBuf)
 		t.outBuf = t.outBuf[:0]
 		if lineOk {
-			t.historyIndex = -1
-			t.history.Add(line)
+			if t.echo {
+				t.historyIndex = -1
+				t.history.Add(line)
+			}
 			return
 		}

--- a/terminal_test.go
+++ b/terminal_test.go
@@ -129,3 +129,19 @@ func TestKeyPresses(t *testing.T) {
 		}
 	}
 }
+
+func TestPasswordNotSaved(t *testing.T) {
+	c := &MockTerminal{
+		toSend:       []byte("password\r\x1b[A\r"),
+		bytesPerRead: 1,
+	}
+	ss := NewTerminal(c, "> ")
+	pw, _ := ss.ReadPassword("> ")
+	if pw != "password" {
+		t.Fatalf("failed to read password, got %s", pw)
+	}
+	line, _ := ss.ReadLine()
+	if len(line) > 0 {
+		t.Fatalf("password was saved in history")
+	}
+}