GNU bug report logs - #38311
[PATCH] Hide quoted passwords with spaces in Authinfo

Previous Next

Package: emacs;

Reported by: Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com>

Date: Thu, 21 Nov 2019 09:19:01 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 38311 in the body.
You can then email your comments to 38311 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#38311; Package emacs. (Thu, 21 Nov 2019 09:19:03 GMT) Full text and rfc822 format available.
Acknowledgement sent to Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 21 Nov 2019 09:19:03 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: [PATCH] Hide quoted passwords with spaces in Authinfo
Date: Thu, 21 Nov 2019 10:18:03 +0100

[Message part 1 (text/plain, inline)]
The auth-source library hides passwords in authinfo-mode, putting an
overlay of "****" over them.

For example,
    “machine localhost port sudo login root password foobar”
will show up as
    “machine localhost port sudo login root password ****”.

However, it fails to properly hide passwords which are quoted and
contain spaces, even though those are still valid and parsed
successfully.

For example,
    “machine localhost port sudo login root password "foo bar"”
will show up as
    “machine localhost port sudo login root password **** bar"”.

The attached patch fixes this by using the same logic that
‘auth-source-netrc-parse-one’ uses to retrieve the field.  The logic is
moved to a separate function.

Best regards,
Dario


[0001-Hide-quoted-passwords-with-spaces-in-Authinfo.patch (text/x-diff, inline)]
From 34f07b1dc8517d1c7e580bff1e5ac34b69c993d6 Mon Sep 17 00:00:00 2001
From: Dario Gjorgjevski <dario.gjorgjevski+git <at> gmail.com>
Date: Thu, 21 Nov 2019 10:10:32 +0100
Subject: [PATCH] Hide quoted passwords with spaces in Authinfo
To: bug-gnu-emacs <at> gnu.org

* lisp/auth-source.el (auth-source-netrc-looking-at-one): New
function, extracted from auth-source-netrc-parse-one.
(auth-source-netrc-parse-one, authinfo--hide-passwords): Use
auth-source-netrc-looking-at-one.
---
 lisp/auth-source.el | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lisp/auth-source.el b/lisp/auth-source.el
index 4926f67f0a..0800202914 100644
--- a/lisp/auth-source.el
+++ b/lisp/auth-source.el
@@ -1000,13 +1000,17 @@ auth-source-netrc-parse-next-interesting
     (forward-line 1)
     (skip-chars-forward "\t ")))
 
+(defun auth-source-netrc-looking-at-one ()
+  "Modify match data with one thing from the current buffer."
+  (or (looking-at "'\\([^']*\\)'")
+      (looking-at "\"\\([^\"]*\\)\"")
+      (looking-at "\\([^ \t\n]+\\)")))
+
 (defun auth-source-netrc-parse-one ()
   "Read one thing from the current buffer."
   (auth-source-netrc-parse-next-interesting)
 
-  (when (or (looking-at "'\\([^']*\\)'")
-            (looking-at "\"\\([^\"]*\\)\"")
-            (looking-at "\\([^ \t\n]+\\)"))
+  (when (auth-source-netrc-looking-at-one)
     (forward-char (length (match-string 0)))
     (prog1
         (match-string-no-properties 1)
@@ -2427,7 +2431,7 @@ authinfo--hide-passwords
       (while (re-search-forward (format "\\(\\s-\\|^\\)\\(%s\\)\\s-+"
                                         authinfo-hidden)
                                 nil t)
-        (when (looking-at "[^\n\t ]+")
+        (when (auth-source-netrc-looking-at-one)
           (let ((overlay (make-overlay (match-beginning 0) (match-end 0))))
             (overlay-put overlay 'display (propertize "****"
                                                       'face 'warning))
-- 
2.17.1
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#38311; Package emacs. (Thu, 21 Nov 2019 12:53:02 GMT) Full text and rfc822 format available.

Message #8 received at 38311 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com>
Cc: 38311 <at> debbugs.gnu.org
Subject: Re: bug#38311: [PATCH] Hide quoted passwords with spaces in Authinfo
Date: Thu, 21 Nov 2019 13:52:25 +0100

Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com> writes:

> The attached patch fixes this by using the same logic that
> ‘auth-source-netrc-parse-one’ uses to retrieve the field.  The logic is
> moved to a separate function.

Thanks; applied to Emacs 27 (with minor changes).

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) fixed. Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Thu, 21 Nov 2019 12:53:02 GMT) Full text and rfc822 format available.
bug marked as fixed in version 27.1, send any further explanations to 38311 <at> debbugs.gnu.org and Dario Gjorgjevski <dario.gjorgjevski <at> gmail.com> Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Thu, 21 Nov 2019 12:53:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 20 Dec 2019 12:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 5 years and 241 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.