Simplify correct use of simple_prompt().

The previous API for this function had it returning a malloc'd string. That meant that callers had to check for NULL return, which few of them were doing, and it also meant that callers had to remember to free() the string later, which required extra logic in most cases. Instead, make simple_prompt() write into a buffer supplied by the caller. Anywhere that the maximum required input length is reasonably small, which is almost all of the callers, we can just use a local or static array as the buffer instead of dealing with malloc/free. A fair number of callers used "pointer == NULL" as a proxy for "haven't requested the password yet". Maintaining the same behavior requires adding a separate boolean flag for that, which adds back some of the complexity we save by removing free()s. Nonetheless, this nets out at a small reduction in overall code size, and considerably less code than we would have had if we'd added the missing NULL-return checks everywhere they were needed. In passing, clean up the API comment for simple_prompt() and get rid of a very-unnecessary malloc/free in its Windows code path. This is nominally a bug fix, but it does not seem worth back-patching, because the actual risk of an OOM failure in any of these places seems pretty tiny, and all of them are client-side not server-side anyway. This patch is by me, but it owes a great deal to Michael Paquier who identified the problem and drafted a patch for fixing it the other way. Discussion: <CAB7nPqRu07Ot6iht9i9KRfYLpDaF2ZuUv5y_+72uP23ZAGysRg@mail.gmail.com>
2025-09-03 15:22:11 +03:00 · 2016-08-30 17:02:02 -04:00
parent 37f6fd1eaa
commit 9daec77e16
15 changed files with 142 additions and 146 deletions
--- a/src/port/sprompt.c
+++ b/src/port/sprompt.c
@@ -12,33 +12,31 @@
 *
 *-------------------------------------------------------------------------
 */
-
-
-/*
- * simple_prompt
- *
- * Generalized function especially intended for reading in usernames and
- * password interactively. Reads from /dev/tty or stdin/stderr.
- *
- * prompt:		The prompt to print
- * maxlen:		How many characters to accept
- * echo:		Set to false if you want to hide what is entered (for passwords)
- *
- * Returns a malloc()'ed string with the input (w/o trailing newline).
- */
 #include "c.h"

 #ifdef HAVE_TERMIOS_H
 #include <termios.h>
 #endif

-extern char *simple_prompt(const char *prompt, int maxlen, bool echo);

-char *
-simple_prompt(const char *prompt, int maxlen, bool echo)
+/*
+ * simple_prompt
+ *
+ * Generalized function especially intended for reading in usernames and
+ * passwords interactively.  Reads from /dev/tty or stdin/stderr.
+ *
+ * prompt:		The prompt to print, or NULL if none (automatically localized)
+ * destination: buffer in which to store result
+ * destlen:		allocated length of destination
+ * echo:		Set to false if you want to hide what is entered (for passwords)
+ *
+ * The input (without trailing newline) is returned in the destination buffer,
+ * with a '\0' appended.
+ */
+void
+simple_prompt(const char *prompt, char *destination, size_t destlen, bool echo)
 {
 	int			length;
-	char	   *destination;
 	FILE	   *termin,
 			   *termout;

@@ -48,14 +46,10 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
 #else
 #ifdef WIN32
 	HANDLE		t = NULL;
-	LPDWORD		t_orig = NULL;
+	DWORD		t_orig = 0;
 #endif
 #endif

-	destination = (char *) malloc(maxlen + 1);
-	if (!destination)
-		return NULL;
-
 #ifdef WIN32

 	/*
@@ -118,11 +112,10 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
 	if (!echo)
 	{
 		/* get a new handle to turn echo off */
-		t_orig = (LPDWORD) malloc(sizeof(DWORD));
 		t = GetStdHandle(STD_INPUT_HANDLE);

 		/* save the old configuration first */
-		GetConsoleMode(t, t_orig);
+		GetConsoleMode(t, &t_orig);

 		/* set to the new mode */
 		SetConsoleMode(t, ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT);
@@ -136,7 +129,7 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
 		fflush(termout);
 	}

-	if (fgets(destination, maxlen + 1, termin) == NULL)
+	if (fgets(destination, destlen, termin) == NULL)
 		destination[0] = '\0';

 	length = strlen(destination);
@@ -170,10 +163,9 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
 	if (!echo)
 	{
 		/* reset to the original console mode */
-		SetConsoleMode(t, *t_orig);
+		SetConsoleMode(t, t_orig);
 		fputs("\n", termout);
 		fflush(termout);
-		free(t_orig);
 	}
 #endif
 #endif
@@ -183,6 +175,4 @@ simple_prompt(const char *prompt, int maxlen, bool echo)
 		fclose(termin);
 		fclose(termout);
 	}
-
-	return destination;
 }