1349349 - Problem with Password.readPasswordFromConsole().

Status: RESOLVED FIXED

(JSS Graveyard :: Library, defect)

Description

[Endi S. Dewata]

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161213225041

Steps to reproduce:

JSS uses Password.readPasswordFromConsole() to read password securely from the console by disabling terminal echo and displaying masking characters (*) instead. The method is currently implemented in native code.


Actual results:

If the application is terminated (with Ctrl-C) while waiting on password, the terminal echo will remain disabled, causing usability issue.


Expected results:

The native code should be replaced with System.console().readPassword() which provides the same functionality (but without displaying masking characters) and will not affect terminal echo if interrupted.

Comment 1

[Endi S. Dewata]

Attachment: 0001-Replaced-Password.readPasswordFromConsole-implementa.patch

The native implementation of Password.readPasswordFromConsole() has
been replaced with platform independent code using System.console()
which does not cause a problem if the program is interrupted while
waiting for password input.

Comment 2

[Elio Maldonado]

Comment on attachment 8849735 [details] [diff] [review]
0001-Replaced-Password.readPasswordFromConsole-implementa.patch

Review of attachment 8849735 [details] [diff] [review]:
-----------------------------------------------------------------

With Endi's help and guidance I was able to test this downstream in fedora using other client packages, e.g. pki-ca.

Comment 3

[Elio Maldonado]

Pushed: https://hg.mozilla.org/projects/jss/rev/3bf34cb9ac29aa296a84288236e1af211cf0d37b