make visudo response reader use BufRead::Lines

squell · squell · commit c8c7821810ed · 2025-12-15T15:19:59.000+01:00
and accept "y" as a universal affirmative response
diff --git a/po/sudo-rs.pot b/po/sudo-rs.pot
@@ -315,9 +315,9 @@ msgstr ""
 msgid "failed to remove temporary file {path}: {error}"
 msgstr ""
 
-#. TRANSLATORS: the initial letters of 'yes' and 'no' responses, in that order
+#. TRANSLATORS: the initial letters of 'no' and 'yes' responses, in that order
 #: src/sudo/edit.rs:302
-msgid "yn"
+msgid "ny"
 msgstr ""
 
 #: src/sudo/edit.rs:306
diff --git a/src/sudo/edit.rs b/src/sudo/edit.rs
@@ -298,18 +298,19 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
 
         // If the file has been changed to be empty, ask the user what to do.
         if new_data.is_empty() && new_data != file.old_data {
-            // TRANSLATORS: the initial letters of 'yes' and 'no' responses, in that order
-            let answers = xlat!("yn").as_bytes().get(..2).unwrap_or(b"yn");
+            // TRANSLATORS: the initial letters of 'no' and 'yes' responses, in that order
+            let answers = xlat!("ny");
 
             match crate::visudo::ask_response(
-                xlat!(
+                &xlat!(
                     "sudoedit: truncate {path} to zero? (y/n) [n] ",
                     path = file.path.display()
-                )
-                .as_bytes(),
+                ),
                 answers,
             ) {
-                Ok(val) if val == answers[0] => {}
+                Ok(val) if answers.starts_with(val) => {}
+                // a fallback: also accept 'yes' based on Debian's apt behaviour
+                Ok('y') => if !answers.contains('y') {},
                 _ => {
                     user_info!("not overwriting {path}", path = file.path.display());
 
diff --git a/src/visudo/mod.rs b/src/visudo/mod.rs
@@ -6,7 +6,7 @@ mod help;
 use std::{
     env, ffi,
     fs::{File, Permissions},
-    io::{self, Read, Seek, Write},
+    io::{self, BufRead, Read, Seek, Write},
     os::unix::prelude::{MetadataExt, PermissionsExt},
     path::{Path, PathBuf},
     process::Command,
@@ -318,8 +318,8 @@ fn edit_sudoers_file(
 
             writeln!(stderr)?;
 
-            match ask_response(b"What now? e(x)it without saving / (e)dit again: ", b"xe")? {
-                b'x' => return Ok(()),
+            match ask_response("What now? e(x)it without saving / (e)dit again: ", "xe")? {
+                'x' => return Ok(()),
                 _ => continue,
             }
         } else {
@@ -329,11 +329,11 @@ fn edit_sudoers_file(
                     "It looks like you have removed your ability to run 'sudo visudo' again.\n"
                 )?;
                 match ask_response(
-                    b"What now? e(x)it without saving / (e)dit again / lock me out and (S)ave: ",
-                    b"xeS",
+                    "What now? e(x)it without saving / (e)dit again / lock me out and (S)ave: ",
+                    "xeS",
                 )? {
-                    b'x' => return Ok(()),
-                    b'S' => {}
+                    'x' => return Ok(()),
+                    'S' => {}
                     _ => continue,
                 }
             }
@@ -385,41 +385,41 @@ fn sudo_visudo_is_allowed(mut sudoers: Sudoers, host_name: &Hostname) -> Option<
 }
 
 // Make sure that the first valid response is the "safest" choice
-pub(crate) fn ask_response(prompt: &[u8], valid_responses: &[u8]) -> io::Result<u8> {
+// This will panic if valid_responses is empty.
+pub(crate) fn ask_response(prompt: &str, valid_responses: &str) -> io::Result<char> {
     let stdin = io::stdin();
     let stdout = io::stdout();
     let mut stderr = io::stderr();
 
-    let mut stdin_handle = stdin.lock();
+    let stdin_handle = stdin.lock();
     let mut stdout_handle = stdout.lock();
 
+    let mut lines = stdin_handle.lines();
+
     loop {
-        stdout_handle.write_all(prompt)?;
+        stdout_handle.write_all(prompt.as_bytes())?;
         stdout_handle.flush()?;
 
-        let mut input = [0u8];
-        if let Err(err) = stdin_handle.read_exact(&mut input) {
-            writeln!(stderr, "visudo: cannot read user input: {err}")?;
-            return Ok(valid_responses[0]);
-        }
-
-        // read the trailing newline
-        loop {
-            let mut skipped = [0u8];
-            match stdin_handle.read_exact(&mut skipped) {
-                Ok(()) if &skipped != b"\n" => continue,
-                _ => break,
+        match lines.next() {
+            Some(Ok(answer))
+                if answer
+                    .chars()
+                    .next()
+                    .is_some_and(|input| valid_responses.contains(input)) =>
+            {
+                return Ok(answer.chars().next().unwrap());
+            }
+            Some(Ok(answer)) => writeln!(stderr, "Invalid option: '{answer}'\n",)?,
+            Some(Err(err)) => writeln!(stderr, "Invalid response: {err}\n",)?,
+            None => {
+                let safe_choice = valid_responses
+                    .chars()
+                    .next()
+                    .expect("at least one response");
+
+                writeln!(stderr, "visudo: cannot read user input")?;
+                return Ok(safe_choice);
             }
-        }
-
-        if valid_responses.contains(&input[0]) {
-            return Ok(input[0]);
-        } else {
-            writeln!(
-                stderr,
-                "Invalid option: '{}'\n",
-                str::from_utf8(&input).unwrap_or("<INVALID>")
-            )?;
         }
     }
 }
