package-registry login has empty token
pwallrich opened this issue · 0 comments
Is it reproducible with SwiftPM command-line tools: swift build
, swift test
, swift package
etc?
- Confirmed reproduction steps with SwiftPM CLI.
Description
When executing swift package-registry login
it asks for a token but fails to retrieve it properly.
Screenshot from mitm proxy of the request:
I've checked the code a bit and it only happens on release builds. When spm is built with debug config it doesn't happen.
The issue seems to be related to readpassphrase
inside PackageRegistryCommand+Auth.swift. Somehow the buffer and passwordPtr aren't valid anymore, when the string is created.
I also already fixed it locally and will submit a PR soon (not sure, if it's the best solution).
Expected behavior
It should get the token from the cli and use it for authentication
Actual behavior
It uses an empty string instead of the password.
I assume because of some memory management issues related to readpassphrase
Steps to reproduce
- Build release version of SPM 5.10 or latest version from main
- swift package-registry login {url}
- authentication fails
Swift Package Manager version/commit hash
SPM 5.10 and latest from main
Swift & OS version (output of swift --version ; uname -a
)
swift-driver version: 1.90.11.1 Apple Swift version 5.10 (swiftlang-5.10.0.13 clang-1500.3.9.4)
Target: arm64-apple-macosx14.0