fix: prevent prompt corruption during getpass echo_char line editing

CuriousLearner · CuriousLearner · commit d280ce970ad9 · 2026-03-23T20:39:56.000+05:30
diff --git a/Lib/getpass.py b/Lib/getpass.py
@@ -217,7 +217,7 @@ def _raw_input(prompt="", stream=None, input=None, echo_char=None,
     # NOTE: The Python C API calls flockfile() (and unlock) during readline.
     if echo_char:
         return _readline_with_echo_char(stream, input, echo_char,
-                                        term_ctrl_chars)
+                                        term_ctrl_chars, prompt)
     line = input.readline()
     if not line:
         raise EOFError
@@ -229,9 +229,10 @@ def _raw_input(prompt="", stream=None, input=None, echo_char=None,
 class _PasswordLineEditor:
     """Handles line editing for password input with echo character."""
 
-    def __init__(self, stream, echo_char, ctrl_chars):
+    def __init__(self, stream, echo_char, ctrl_chars, prompt=""):
         self.stream = stream
         self.echo_char = echo_char
+        self.prompt = prompt
         self.passwd = []
         self.cursor_pos = 0
         self.eof_pressed = False
@@ -247,18 +248,18 @@ def __init__(self, stream, echo_char, ctrl_chars):
             '\b': self._handle_erase,                       # Backspace
         }
 
-    def _refresh_display(self):
+    def _refresh_display(self, prev_len=None):
         """Redraw the entire password line with *echo_char*."""
-        self.stream.write('\r' + ' ' * len(self.passwd) + '\r')
-        self.stream.write(self.echo_char * len(self.passwd))
+        prompt_len = len(self.prompt)
+        # Use prev_len if given, otherwise current password length
+        clear_len = prev_len if prev_len is not None else len(self.passwd)
+        # Clear the entire line (prompt + password) and rewrite
+        self.stream.write('\r' + ' ' * (prompt_len + clear_len) + '\r')
+        self.stream.write(self.prompt + self.echo_char * len(self.passwd))
         if self.cursor_pos < len(self.passwd):
             self.stream.write('\b' * (len(self.passwd) - self.cursor_pos))
         self.stream.flush()
 
-    def _erase_chars(self, count):
-        """Erase *count* echo characters from display."""
-        self.stream.write("\b \b" * count)
-
     def _insert_char(self, char):
         """Insert *char* at cursor position."""
         self.passwd.insert(self.cursor_pos, char)
@@ -282,28 +283,23 @@ def _handle_erase(self):
         """Delete character before cursor (Backspace/DEL)."""
         if self.cursor_pos <= 0:
             return
+        prev_len = len(self.passwd)
         del self.passwd[self.cursor_pos - 1]
         self.cursor_pos -= 1
-        # Only refresh if deleting from middle
-        if self.cursor_pos < len(self.passwd):
-            self._refresh_display()
-        else:
-            self.stream.write("\b \b")
-            self.stream.flush()
+        self._refresh_display(prev_len)
 
     def _handle_kill_line(self):
         """Erase entire line (Ctrl+U)."""
-        self._erase_chars(len(self.passwd))
+        prev_len = len(self.passwd)
         self.passwd.clear()
         self.cursor_pos = 0
-        self.stream.flush()
+        self._refresh_display(prev_len)
 
     def _handle_kill_forward(self):
         """Kill from cursor to end (Ctrl+K)."""
-        chars_to_delete = len(self.passwd) - self.cursor_pos
+        prev_len = len(self.passwd)
         del self.passwd[self.cursor_pos:]
-        self._erase_chars(chars_to_delete)
-        self.stream.flush()
+        self._refresh_display(prev_len)
 
     def _handle_erase_word(self):
         """Erase previous word (Ctrl+W)."""
@@ -315,8 +311,9 @@ def _handle_erase_word(self):
         while self.cursor_pos > 0 and self.passwd[self.cursor_pos - 1] != ' ':
             self.cursor_pos -= 1
         # Remove the deleted portion
+        prev_len = len(self.passwd)
         del self.passwd[self.cursor_pos:old_cursor]
-        self._refresh_display()
+        self._refresh_display(prev_len)
 
     def handle(self, char):
         """Handle a single character input. Returns True if handled."""
@@ -328,12 +325,13 @@ def handle(self, char):
         return False
 
 
-def _readline_with_echo_char(stream, input, echo_char, term_ctrl_chars=None):
+def _readline_with_echo_char(stream, input, echo_char, term_ctrl_chars=None,
+                             prompt=""):
     """Read password with echo character and line editing support."""
     if term_ctrl_chars is None:
         term_ctrl_chars = _POSIX_CTRL_CHARS.copy()
 
-    editor = _PasswordLineEditor(stream, echo_char, term_ctrl_chars)
+    editor = _PasswordLineEditor(stream, echo_char, term_ctrl_chars, prompt)
 
     while True:
         char = input.read(1)
diff --git a/Lib/test/test_getpass.py b/Lib/test/test_getpass.py
@@ -199,7 +199,13 @@ def test_control_chars_with_echo_char(self):
             result = getpass._raw_input('Password: ', mock_output, mock_input,
                                         '*')
         self.assertEqual(result, expect_result)
-        self.assertEqual('Password: *******\x08 \x08', mock_output.getvalue())
+        # After backspace: refresh rewrites prompt + 6 echo chars
+        self.assertEqual(
+            'Password: *******'           # initial prompt + 7 echo chars
+            '\r' + ' ' * 17 + '\r'        # clear line (10 prompt + 7 prev)
+            'Password: ******',           # rewrite prompt + 6 echo chars
+            mock_output.getvalue()
+        )
 
     def test_kill_ctrl_u_with_echo_char(self):
         # Ctrl+U (KILL) should clear the entire line
@@ -226,6 +232,35 @@ def test_werase_ctrl_w_with_echo_char(self):
                                     '*')
         self.assertEqual(result, expect_result)
 
+    def test_ctrl_w_display_preserves_prompt(self):
+        # Reproducer from gh-138577: type "hello world", Ctrl+W
+        # Display must show "Password: ******" not "******rd: ***********"
+        passwd = 'hello world\x17'
+        mock_input = StringIO(f'{passwd}\n')
+        mock_output = StringIO()
+        result = getpass._raw_input('Password: ', mock_output, mock_input,
+                                    '*')
+        self.assertEqual(result, 'hello ')
+        output = mock_output.getvalue()
+        # The final visible state should be "Password: ******"
+        # Verify prompt is rewritten during refresh, not overwritten by stars
+        self.assertTrue(output.endswith('Password: ******'),
+                        f'Prompt corrupted in display: {output!r}')
+
+    def test_ctrl_a_insert_display_preserves_prompt(self):
+        # Reproducer from gh-138577: type "abc", Ctrl+A, type "x"
+        # Display must show "Password: ****" not "****word: ***"
+        passwd = 'abc\x01x'
+        mock_input = StringIO(f'{passwd}\n')
+        mock_output = StringIO()
+        result = getpass._raw_input('Password: ', mock_output, mock_input,
+                                    '*')
+        self.assertEqual(result, 'xabc')
+        output = mock_output.getvalue()
+        # The final visible state should be "Password: ****"
+        self.assertTrue(output.endswith('Password: ****\x08\x08\x08'),
+                        f'Prompt corrupted in display: {output!r}')
+
     def test_lnext_ctrl_v_with_echo_char(self):
         # Ctrl+V (LNEXT) should insert the next character literally
         passwd = 'test\x16\x15more'  # Type "test", hit Ctrl+V, then Ctrl+U (literal), type "more"
