From 329344838903394549d2d0823f13202fdb08d4fb Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Tue, 2 Jul 2013 19:46:13 -0400
Subject: [PATCH] go.crypto/ssh/terminal: don't save passwords in history.

The history buffer would recall previously entered lines: including passwords. With this change, lines entered while echo is disabled are no longer put into the history.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/10853043
---
 terminal.go | 6 ++++--
 terminal_test.go | 16 ++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/terminal.go b/terminal.go
index d956b51..f83be8c 100644
--- a/terminal.go
+++ b/terminal.go
@@ -546,8 +546,10 @@ func (t *Terminal) readLine() (line string, err error) {
 t.c.Write(t.outBuf)
 t.outBuf = t.outBuf[:0]
 if lineOk {
- t.historyIndex = -1
- t.history.Add(line)
+ if t.echo {
+ t.historyIndex = -1
+ t.history.Add(line)
+ }
 return
 }

diff --git a/terminal_test.go b/terminal_test.go
index ffcda79..7db3171 100644
--- a/terminal_test.go
+++ b/terminal_test.go
@@ -129,3 +129,19 @@ func TestKeyPresses(t *testing.T) {
 }
 }
 }
+
+func TestPasswordNotSaved(t *testing.T) {
+ c := &MockTerminal{
+ toSend: []byte("password\r\x1b[A\r"),
+ bytesPerRead: 1,
+ }
+ ss := NewTerminal(c, "> ")
+ pw, _ := ss.ReadPassword("> ")
+ if pw != "password" {
+ t.Fatalf("failed to read password, got %s", pw)
+ }
+ line, _ := ss.ReadLine()
+ if len(line) > 0 {
+ t.Fatalf("password was saved in history")
+ }
+}
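Review bot: The `t.historyIndex = -1` reset in readLine is now skipped together with `t.history.Add(line)` whenever echo is off. If the key handling outside this hunk still lets the arrow keys move `historyIndex` during a no-echo read, the index stays at a stale position for the next ReadLine. Consider guarding only the add: `t.historyIndex = -1` unconditionally, then `if t.echo { t.history.Add(line) }`. readLine's body begins and continues outside the hunk.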
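Review bot: TestPasswordNotSaved discards the errors from both `ss.ReadPassword("> ")` and `ss.ReadLine()`, so a read that fails early returns an empty line and the final check passes without the history path having been exercised. Check them, e.g. `line, err := ss.ReadLine()` followed by `if err != nil { t.Fatal(err) }`, and the same for ReadPassword. The failure message for `pw` would read better with `%q` than `%s`, since that makes empty or control-character input visible. A positive control (an echoed line that the up-arrow does recall) would also confirm that the `\x1b[A` sequence is handled at all.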