readpassword: limit password length to 1000 bytes
This used to hang at 100% CPU: cat /dev/zero | gocryptfs -init a ...and would ultimately send the box into out-of-memory. The number 1000 is chosen arbitrarily and seems big enough given that the password must be one line. Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
This commit is contained in:
parent
54caaf4b98
commit
3784901fce
|
@ -17,6 +17,7 @@ import (
|
||||||
|
|
||||||
const (
|
const (
|
||||||
exitCode = 9
|
exitCode = 9
|
||||||
|
maxPasswordLen = 1000
|
||||||
)
|
)
|
||||||
|
|
||||||
// Once tries to get a password from the user, either from the terminal, extpass
|
// Once tries to get a password from the user, either from the terminal, extpass
|
||||||
|
@ -126,6 +127,10 @@ func readPasswordExtpass(extpass string) string {
|
||||||
func readLineUnbuffered(r io.Reader) (l string) {
|
func readLineUnbuffered(r io.Reader) (l string) {
|
||||||
b := make([]byte, 1)
|
b := make([]byte, 1)
|
||||||
for {
|
for {
|
||||||
|
if len(l) > maxPasswordLen {
|
||||||
|
tlog.Fatal.Printf("fatal: maximum password length of %d bytes exceeded", maxPasswordLen)
|
||||||
|
os.Exit(exitCode)
|
||||||
|
}
|
||||||
n, err := r.Read(b)
|
n, err := r.Read(b)
|
||||||
if err == io.EOF {
|
if err == io.EOF {
|
||||||
return l
|
return l
|
||||||
|
|
Loading…
Reference in New Issue